Compare commits

89 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa
f769990597 Update manual pages 2026-03-18 19:11:58 +09:00
Tatsuhiro Tsujikawa
50c710a784 Bump package and library versions 2026-03-18 19:10:55 +09:00
Tatsuhiro Tsujikawa
c619c7be07 Add tests for iframe->state validation 2026-03-18 19:10:55 +09:00
Tatsuhiro Tsujikawa
5c7df8fa81 Fix missing iframe->state validations to avoid assertion failure 2026-03-17 22:50:32 +09:00
Tatsuhiro Tsujikawa
4af04320f2 altsvc: Avoid pointer arithmetic against NULL 2026-03-17 22:50:14 +09:00
Tatsuhiro Tsujikawa
943b64cfc5 Check nghttp2_is_fatal first 2026-03-17 22:50:14 +09:00
Tatsuhiro Tsujikawa
534b74b725 Update bash_completion 2025-10-25 17:13:35 +09:00
Tatsuhiro Tsujikawa
090c7fe26c Update manual pages 2025-10-25 17:13:19 +09:00
Tatsuhiro Tsujikawa
527cdebfee Bump package and library versions 2025-10-25 17:09:28 +09:00
Tatsuhiro Tsujikawa
a2667a6692 Merge pull request #2544 from nghttp2/bump-ngtcp2
Bump ngtcp2 and its dependencies
2025-10-22 21:25:39 +09:00
Tatsuhiro Tsujikawa
aedc348754 Bump ngtcp2 and its dependencies 2025-10-22 19:28:19 +09:00
Tatsuhiro Tsujikawa
19fbcf5238 Merge pull request #2543 from nghttp2/remove-ticket_keys-from-WorkerEvent
nghttpx: Remove unused ticket_keys from WorkerEvent
2025-10-14 21:06:32 +09:00
Tatsuhiro Tsujikawa
6fe99003df nghttpx: Remove unused ticket_keys from WorkerEvent 2025-10-14 20:33:21 +09:00
Tatsuhiro Tsujikawa
0139746d53 Merge pull request #2542 from nghttp2/optimize-quic-io
Optimize quic io
2025-10-14 19:35:06 +09:00
Tatsuhiro Tsujikawa
8dd0c86bde h2load: Prioritize QUIC UDP read event over the other events 2025-10-14 19:00:31 +09:00
Tatsuhiro Tsujikawa
5d4df477e8 h2load: Defer write to the next event loop for QUIC 2025-10-14 18:54:52 +09:00
Tatsuhiro Tsujikawa
2b355a338c nghttpx: Prioritize QUIC UDP read event over the other events 2025-10-14 18:54:44 +09:00
Tatsuhiro Tsujikawa
cfeec12a52 nghttpx: Defer write to the next event loop for QUIC 2025-10-14 18:48:38 +09:00
Tatsuhiro Tsujikawa
26e2d53536 Merge pull request #2541 from nghttp2/dependabot/go_modules/golang.org/x/net-0.46.0
build(deps): bump golang.org/x/net from 0.44.0 to 0.46.0
2025-10-14 08:35:08 +09:00
dependabot[bot]
d921c54209 build(deps): bump golang.org/x/net from 0.44.0 to 0.46.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.44.0 to 0.46.0.
- [Commits](https://github.com/golang/net/compare/v0.44.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-13 14:36:11 +00:00
Tatsuhiro Tsujikawa
8f729331c1 Merge pull request #2540 from nghttp2/nghttpx-quic-recv-pktcnt
nghttpx: Increase number of UDP packets to read
2025-10-13 19:14:15 +09:00
Tatsuhiro Tsujikawa
a25dd12811 nghttpx: Increase number of UDP packets to read
It turns out that the limit of 10 packets per event loop is too small,
that prevents an endpoint from consuming ACKs and other control frames
(e.g., MAX_STREAM_DATA, MAX_STREAMS), resulting in the loss of
throughput.  This change increases maximum number of packets to read
to 64.
2025-10-13 18:35:42 +09:00
Tatsuhiro Tsujikawa
2f1565b0e2 Merge pull request #2538 from nghttp2/dependabot/go_modules/github.com/quic-go/quic-go-0.55.0
build(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.55.0
2025-10-07 00:49:31 +09:00
dependabot[bot]
389ae66d12 build(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.55.0
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.54.1 to 0.55.0.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.54.1...v0.55.0)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-06 14:33:55 +00:00
Tatsuhiro Tsujikawa
a60e00c628 Merge pull request #2537 from nghttp2/dependabot/go_modules/github.com/quic-go/quic-go-0.54.1
build(deps): bump github.com/quic-go/quic-go from 0.54.0 to 0.54.1
2025-09-30 21:42:28 +09:00
dependabot[bot]
53ce088694 build(deps): bump github.com/quic-go/quic-go from 0.54.0 to 0.54.1
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.54.0 to 0.54.1.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.54.0...v0.54.1)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.54.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-29 18:32:02 +00:00
Copilot
e802ccc02a Fix typos in documentation: "or3xx" → "or 3xx" and missing space after period (#2536)
Fix typos in documentation: "or3xx" → "or 3xx" and "itself.To" → "itself. To"

Co-authored-by: tatsuhiro-t <404610+tatsuhiro-t@users.noreply.github.com>
2025-09-29 23:30:52 +09:00
Tatsuhiro Tsujikawa
17428a5d09 Merge pull request #2535 from nghttp2/h2load-quic-window-bits-default
h2load: Set QUIC window-bits to 24 by default
2025-09-29 22:23:26 +09:00
Tatsuhiro Tsujikawa
83683742f1 h2load: Set QUIC window-bits to 24 by default
Reduce the default window-bits for QUIC to 24 (16MiB).  The previous
default (1 << 30) is too large and causes too many packet losses on
very fast connection with super low RTT.
2025-09-29 21:04:48 +09:00
Tatsuhiro Tsujikawa
fa585e9182 Merge pull request #2534 from nghttp2/remove-redundant-semicolon
Remove redundant semicolon
2025-09-28 17:53:35 +09:00
Tatsuhiro Tsujikawa
7434a37016 Remove redundant semicolon 2025-09-28 12:08:38 +09:00
Tatsuhiro Tsujikawa
a2c47748f0 Merge pull request #2533 from nghttp2/iterators
src: Use std::ranges::begin and std::ranges::end consistently
2025-09-25 22:23:20 +09:00
Tatsuhiro Tsujikawa
1784c1c0d1 src: Use std::ranges::begin and std::ranges::end consistently 2025-09-25 21:39:50 +09:00
Tatsuhiro Tsujikawa
59a9534a2d Merge pull request #2532 from nghttp2/adopt-nghttp3_conn_read_stream2
src: Adopt nghttp3_conn_read_stream2
2025-09-25 20:31:28 +09:00
Tatsuhiro Tsujikawa
7fcbcd786e src: Adopt nghttp3_conn_read_stream2
Adopt nghttp3_conn_read_stream2 which requires nghttp3 v1.12.0.  To
pass the current timestamp, ngtcp2_conn_get_timestamp is used, which
requires ngtcp2 v1.16.0.
2025-09-25 18:56:05 +09:00
Tatsuhiro Tsujikawa
4e0738d24a Merge pull request #2531 from nghttp2/bump-ngtcp2
Bump ngtcp2 and its dependencies
2025-09-25 18:49:18 +09:00
Tatsuhiro Tsujikawa
1e0413f4a6 Bump ngtcp2 and its dependencies 2025-09-25 17:51:17 +09:00
Tatsuhiro Tsujikawa
06e7219d10 Merge pull request #2530 from nghttp2/examples-consistent-cond-macro-comments
examples: Consistent conditional macro comments
2025-09-24 23:35:58 +09:00
Tatsuhiro Tsujikawa
c06c069126 examples: Consistent conditional macro comments 2025-09-24 22:44:11 +09:00
Tatsuhiro Tsujikawa
d8ed2559f6 Merge pull request #2529 from nghttp2/sgi-daemonize
src: Move sgi _daemonize to util::daemonize
2025-09-24 21:52:41 +09:00
Tatsuhiro Tsujikawa
d829be3517 src: Move sgi _daemonize to util::daemonize
Move sgi _daemonize to util::daemonize so that we do not need to
handle sgi case in the multiple places.  Because we have no test
environment for sgi machine, the flags adjustment is omitted.  This is
not a problem now because we only call util::daemonize with zeros.
2025-09-24 21:26:49 +09:00
Tatsuhiro Tsujikawa
6aa9f6c72e Merge pull request #2528 from nghttp2/src-consistent-cond-macro-comments
src: Consistent conditional macro comments
2025-09-24 20:55:10 +09:00
Tatsuhiro Tsujikawa
4181fffc02 src: Consistent conditional macro comments 2025-09-24 20:29:56 +09:00
Tatsuhiro Tsujikawa
8f8eef40e8 Merge pull request #2527 from nghttp2/lib-consistent-cond-macro-comments
lib: Consistent conditional macro comments
2025-09-23 15:01:54 +09:00
Tatsuhiro Tsujikawa
3a95bf47f3 lib: Consistent conditional macro comments
Make conditional macro comments consistent.

- Repeat condition in closing #endif.
- Use #ifdef for a single macro.  Do not use #if defined(...) in this
  case.  Use defined(...) form when repeating condition in #endif.
- Apply De Morgan when negating conditions in #else.
2025-09-23 14:30:52 +09:00
Tatsuhiro Tsujikawa
c218d441ea Merge pull request #2526 from nghttp2/nullptr
src: Use nullptr in C++ code
2025-09-23 00:29:01 +09:00
Tatsuhiro Tsujikawa
1952b166e9 src: Use nullptr in C++ code 2025-09-22 22:47:05 +09:00
Tatsuhiro Tsujikawa
bcfb5d8305 Merge pull request #2525 from nghttp2/nghttpx-cert-type-constexpr
nghttpx: Define NGHTTP2_CERT_TYPE as constexpr
2025-09-22 21:45:04 +09:00
Tatsuhiro Tsujikawa
37fb82621c nghttpx: Define NGHTTP2_CERT_TYPE as constexpr 2025-09-22 20:55:09 +09:00
Tatsuhiro Tsujikawa
00bd05edcc Merge pull request #2524 from nghttp2/nghttpx-drop-tlsv1.1
nghttpx: Drop TLSv1.0 and TLSv1.1 support
2025-09-21 19:14:07 +09:00
Tatsuhiro Tsujikawa
45c67616b9 nghttpx: Drop TLSv1.0 and TLSv1.1 support
Nowadays, people always use TLSv1.3.  TLSv1.2 may be used for a
particular situation where TLSv1.3 is not available due to TLS stack
limitation.  The large companies started to drop TLSv1.1 and earlier
versions.  I do not feel keeping their support without a strong
reason, and I could not find any.
2025-09-21 18:49:15 +09:00
Tatsuhiro Tsujikawa
d94ce2a557 Merge pull request #2523 from nghttp2/nghttpx-consistent-servername-cb-behavior
nghttpx: Make servername_callback behavior consistent
2025-09-21 18:05:33 +09:00
Tatsuhiro Tsujikawa
8a5c731533 nghttpx: Make servername_callback behavior consistent
Make servername_callback behavior consistent across all supported TLS
stacks.  RFC 6066 does not provide any guidance or requirement when a
server must not acknowledge Server Name Indication.
2025-09-21 17:25:22 +09:00
Tatsuhiro Tsujikawa
6dfb3bdb8f Merge pull request #2522 from nghttp2/nghttpx-wolfssl-support-mldsa-cert-select
nghttpx: Support ML-DSA certificate selection with wolfSSL
2025-09-21 17:24:43 +09:00
Tatsuhiro Tsujikawa
43649c8004 nghttpx: Support ML-DSA certificate selection with wolfSSL 2025-09-21 16:45:32 +09:00
Tatsuhiro Tsujikawa
b35fa94ba5 Merge pull request #2521 from nghttp2/nghttpx-refactor-cert-type-detection
nghttpx: Select a certificate in a single pass
2025-09-21 15:08:32 +09:00
Tatsuhiro Tsujikawa
ee6565feb7 nghttpx: Select a certificate in a single pass
Refactored the certificate selection to select the certificate in a
single pass.  Cache the type of certificate to reduce the overhead.
2025-09-21 14:39:09 +09:00
Tatsuhiro Tsujikawa
7caa11f09e Merge pull request #2520 from nghttp2/nghttpx-cert-select-fast-path
nghttpx: Add the fast path when selecting a certificate
2025-09-20 19:38:42 +09:00
Tatsuhiro Tsujikawa
cb73b18a53 nghttpx: Add the fast path when selecting a certificate 2025-09-20 18:59:23 +09:00
Tatsuhiro Tsujikawa
4da70b34d1 Merge pull request #2519 from nghttp2/nghttpx-wolfssl-cert-select
nghttpx: Select certificate with wolfSSL
2025-09-20 18:58:50 +09:00
Tatsuhiro Tsujikawa
cd868f00b9 nghttpx: Select certificate with wolfSSL
This change adds the certificate selection with the supported
signature algorithms for wolfSSL in a way similar to BoringSSL.
wolfSSL does not support ML-DSA certificate as of this writing.
2025-09-20 18:29:50 +09:00
Tatsuhiro Tsujikawa
9fc31cfd16 Merge pull request #2518 from nghttp2/nghttpx-boringssl-cert-select
nghttpx: Select certificate with BoringSSL
2025-09-20 18:23:05 +09:00
Tatsuhiro Tsujikawa
e9f04ae0ad nghttpx: Select certificate with BoringSSL
Previously, the certificate selection in nghttpx depending on the
supported signature algorithm is dedicated to OpenSSL.  This change
brings the same capability to the BoringSSL build.  BoringSSL does not
support ML-DSA certificate as of this writing.
2025-09-20 17:55:25 +09:00
Tatsuhiro Tsujikawa
5e75f0ac81 Merge pull request #2517 from nghttp2/nghttpx-cert-select-pkey-base-id
nghttpx: Select ECDSA cert based on EVP_PKEY_base_id
2025-09-20 11:52:36 +09:00
Tatsuhiro Tsujikawa
8c3f077c5e nghttpx: Select ECDSA cert based on EVP_PKEY_base_id
We once refactored this with the shared curves, but it seems that it
is not entirely correct for this.  Perhaps, the usage of
X509_get_signature_nid was incorrect.
2025-09-20 11:09:55 +09:00
Tatsuhiro Tsujikawa
9cbe936a25 Merge pull request #2516 from nghttp2/nghttpx-ml-dsa-cert-select
nghttpx: Prefer ML-DSA certificate over ECDSA
2025-09-19 23:32:08 +09:00
Tatsuhiro Tsujikawa
b815972b03 nghttpx: Prefer ML-DSA certificate over ECDSA 2025-09-19 23:00:53 +09:00
Tatsuhiro Tsujikawa
59b6d0d1d9 Merge pull request #2515 from nghttp2/nghttpx-supported-groups
nghttpx: Add groups option
2025-09-19 20:59:27 +09:00
Tatsuhiro Tsujikawa
028eeeefeb nghttpx: Add groups option
The groups option takes the list of the supported groups.  This
deprecates ecdh-curves option.  If ecdh-curves option is used, it is
treated as if groups option is specified.
2025-09-19 19:29:04 +09:00
Tatsuhiro Tsujikawa
1feb3679fe Merge pull request #2514 from nghttp2/groups-list
Use SSL_CTX_set1_groups_list
2025-09-19 19:24:03 +09:00
Tatsuhiro Tsujikawa
b00d8da2e2 Use SSL_CTX_set1_groups_list
Replace SSL_CTX_set1_curves_list with SSL_CTX_set1_groups_list.
Remove the workaround for wolfSSL because the bug has been fixed.
2025-09-19 18:45:04 +09:00
Tatsuhiro Tsujikawa
9df3962d08 Merge pull request #2513 from nghttp2/nghttpd-supported-groups
nghttpd: Make the supported groups configurable
2025-09-19 18:43:24 +09:00
Tatsuhiro Tsujikawa
304bfcbb70 nghttpd: Make the supported groups configurable
Use the same default list of groups as h2load.
2025-09-19 18:06:21 +09:00
Tatsuhiro Tsujikawa
280845e52e Merge pull request #2511 from nghttp2/dependabot/go_modules/golang.org/x/net-0.44.0
build(deps): bump golang.org/x/net from 0.43.0 to 0.44.0
2025-09-16 00:05:32 +09:00
dependabot[bot]
bdc5d5a6d1 build(deps): bump golang.org/x/net from 0.43.0 to 0.44.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/net/compare/v0.43.0...v0.44.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-15 14:39:06 +00:00
Tatsuhiro Tsujikawa
c9ff3599de Bump library version due to the patch release 2025-09-15 20:52:45 +09:00
Tatsuhiro Tsujikawa
15912bf810 Merge pull request #2510 from nghttp2/remove-glitch-from-invalid-stream2
Remove session_update_glitch_ratelim called from deep inside the chain
2025-09-15 20:25:59 +09:00
Tatsuhiro Tsujikawa
9e65104b00 Remove session_update_glitch_ratelim called from deep inside the chain
Calling session_update_glitch_ratelim from
session_handle_invalid_stream2 makes handling error quite difficult
because it might be called in nested function calls.  It seems to me
that adding that is accidental.
2025-09-15 18:58:05 +09:00
Tatsuhiro Tsujikawa
80ecefebb5 Merge pull request #2509 from nghttp2/fix-assertion-failure
Fix assertion failure
2025-09-15 18:24:32 +09:00
Tatsuhiro Tsujikawa
43b4369fba Fix assertion failure
Fix assertion failure due to the missing check for NGHTTP2_IB_IGN_ALL
state.  Add tests.
2025-09-15 17:56:17 +09:00
Tatsuhiro Tsujikawa
89b30903cc Merge pull request #2508 from nghttp2/more-builtin-ext-glitch
Increase glitch counter for unexpected builtin extension frames
2025-09-13 11:44:03 +09:00
Tatsuhiro Tsujikawa
4904c736e1 Increase glitch counter for unexpected builtin extension frames 2025-09-13 11:16:19 +09:00
Tatsuhiro Tsujikawa
3b45a19423 Merge pull request #2507 from nghttp2/dependabot/github_actions/actions/stale-10
build(deps): bump actions/stale from 9 to 10
2025-09-09 19:00:47 +09:00
Tatsuhiro Tsujikawa
fbf4a7b750 Merge pull request #2506 from nghttp2/dependabot/github_actions/actions/setup-go-6
build(deps): bump actions/setup-go from 5 to 6
2025-09-09 17:47:18 +09:00
Tatsuhiro Tsujikawa
2a190bf5ee Merge pull request #2505 from nghttp2/dependabot/github_actions/actions/github-script-8
build(deps): bump actions/github-script from 7 to 8
2025-09-09 08:48:32 +09:00
dependabot[bot]
877a78186c build(deps): bump actions/stale from 9 to 10
Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9...v10)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-08 14:09:59 +00:00
dependabot[bot]
3d363ae478 build(deps): bump actions/setup-go from 5 to 6
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-08 14:09:55 +00:00
dependabot[bot]
73141a7698 build(deps): bump actions/github-script from 7 to 8
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-08 14:09:51 +00:00
Tatsuhiro Tsujikawa
eacf3484ca Bump package version 2025-09-02 21:03:21 +09:00
185 changed files with 2111 additions and 1211 deletions

@@ -7,11 +7,11 @@ permissions: read-all
env:
LIBBPF_VERSION: v1.6.2
OPENSSL1_VERSION: 1_1_1w+quic
OPENSSL3_VERSION: 3.5.2
BORINGSSL_VERSION: 729648fb79df7bc46c145e49b0dfd8d2a24232f1
AWSLC_VERSION: v1.58.1
NGHTTP3_VERSION: v1.11.0
NGTCP2_VERSION: v1.15.1
OPENSSL3_VERSION: 3.6.0
BORINGSSL_VERSION: db1a8456167249f95b854a1cd24c6b553d0f1567
AWSLC_VERSION: v1.62.0
NGHTTP3_VERSION: v1.12.0
NGTCP2_VERSION: v1.17.0
WOLFSSL_VERSION: v5.8.2-stable
jobs:
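Review bot: CI now builds only against NGTCP2_VERSION v1.17.0, while the PKG_CHECK_MODULES hunks later in this comparison set the ngtcp2 floor to 1.16.0, so the declared minimum is never compiled or tested. Add a matrix entry that pins ngtcp2 at the 1.16.0 floor, or raise the floor to the version CI exercises. The BoringSSL commit here matches the one in the README hunk, which is good; keeping those two values in one place would prevent them drifting apart on the next bump.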
@@ -524,7 +524,7 @@ jobs:
cd $NGHTTP2_BUILD_DIR
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" check
- uses: actions/setup-go@v5
- uses: actions/setup-go@v6
if: matrix.buildtool != 'distcheck'
with:
go-version: "1.24"
@@ -639,7 +639,7 @@ jobs:
GPG_KEY: ${{ secrets.GPG_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Make release
uses: actions/github-script@v7
uses: actions/github-script@v8
with:
script: |
const fs = require('fs')
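Review bot: `uses: actions/github-script@v8` in the "Make release" step comes directly after the lines that pass `secrets.GPG_KEY` and `secrets.GPG_PASSPHRASE`, yet the action is referenced by a mutable major tag. In a release path that handles signing material, pin the action to a full commit SHA and keep the tag as a trailing comment so Dependabot can still propose bumps. The same applies to `actions/setup-go@v6` in the previous hunk.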

@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- uses: actions/stale@v9
- uses: actions/stale@v10
with:
stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
days-before-stale: 30

@@ -24,12 +24,12 @@
cmake_minimum_required(VERSION 3.14)
# XXX using 1.8.90 instead of 1.9.0-DEV
project(nghttp2 VERSION 1.67.1 LANGUAGES C)
project(nghttp2 VERSION 1.68.1 LANGUAGES C)
# See versioning rule:
# https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
set(LT_CURRENT 43)
set(LT_REVISION 1)
set(LT_REVISION 3)
set(LT_AGE 29)
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
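Review bot: The context comment `# XXX using 1.8.90 instead of 1.9.0-DEV` directly above the changed `project(nghttp2 VERSION 1.68.1 LANGUAGES C)` line no longer describes the version being set; drop it or reword it to state the rule for development versions. The version and `LT_REVISION` here also have to stay identical to the `AC_INIT` and `AC_SUBST(LT_REVISION, 3)` lines changed elsewhere in this comparison. They agree now, and a short comment next to both saying so would help whoever does the next bump.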

@@ -126,9 +126,9 @@ following libraries are required:
<https://github.com/quictls/openssl/tree/OpenSSL_1_1_1w+quic>`_; or
wolfSSL; or LibreSSL (does not support 0RTT); or aws-lc; or
`BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit
729648fb79df7bc46c145e49b0dfd8d2a24232f1); or OpenSSL >= 3.5.0
* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 1.15.0
* `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 1.11.0
db1a8456167249f95b854a1cd24c6b553d0f1567); or OpenSSL >= 3.5.0
* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 1.16.0
* `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 1.12.0
Use ``--enable-http3`` configure option to enable HTTP/3 feature for
h2load and nghttpx.
@@ -340,7 +340,7 @@ Build aws-lc:
.. code-block:: text
$ git clone --depth 1 -b v1.58.1 https://github.com/aws/aws-lc
$ git clone --depth 1 -b v1.62.0 https://github.com/aws/aws-lc
$ cd aws-lc
$ cmake -B build -DDISABLE_GO=ON --install-prefix=$PWD/opt
$ make -j$(nproc) -C build
@@ -351,7 +351,7 @@ Build nghttp3:
.. code-block:: text
$ git clone --depth 1 -b v1.11.0 https://github.com/ngtcp2/nghttp3
$ git clone --depth 1 -b v1.12.0 https://github.com/ngtcp2/nghttp3
$ cd nghttp3
$ git submodule update --init --depth 1
$ autoreconf -i
@@ -364,7 +364,7 @@ Build ngtcp2:
.. code-block:: text
$ git clone --depth 1 -b v1.15.1 https://github.com/ngtcp2/ngtcp2
$ git clone --depth 1 -b v1.17.0 https://github.com/ngtcp2/ngtcp2
$ cd ngtcp2
$ git submodule update --init --depth 1
$ autoreconf -i

@@ -25,7 +25,7 @@ dnl Do not change user variables!
dnl https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
AC_PREREQ(2.61)
AC_INIT([nghttp2], [1.67.1], [t-tujikawa@users.sourceforge.net])
AC_INIT([nghttp2], [1.68.1], [t-tujikawa@users.sourceforge.net])
AC_CONFIG_AUX_DIR([.])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h])
@@ -45,7 +45,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
dnl See versioning rule:
dnl https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
AC_SUBST(LT_CURRENT, 43)
AC_SUBST(LT_REVISION, 1)
AC_SUBST(LT_REVISION, 3)
AC_SUBST(LT_AGE, 29)
major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"`
@@ -532,7 +532,7 @@ fi
# ngtcp2 (for src)
have_libngtcp2=no
if test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 1.15.0], [have_libngtcp2=yes],
PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 1.16.0], [have_libngtcp2=yes],
[have_libngtcp2=no])
if test "x${have_libngtcp2}" = "xno"; then
AC_MSG_NOTICE($LIBNGTCP2_PKG_ERRORS)
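Review bot: The `1.16.0` floor in `PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 1.16.0], ...)` is repeated as a literal in each of the four crypto helper checks that follow (wolfssl, quictls, libressl, ossl), so every bump touches five places that must agree. Define the minimum once with `m4_define` and reference it in all five checks.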
@@ -549,7 +549,7 @@ have_libngtcp2_crypto_wolfssl=no
if test "x${have_wolfssl_quic}" = "xyes" &&
test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_WOLFSSL],
[libngtcp2_crypto_wolfssl >= 1.15.0],
[libngtcp2_crypto_wolfssl >= 1.16.0],
[have_libngtcp2_crypto_wolfssl=yes],
[have_libngtcp2_crypto_wolfssl=no])
if test "x${have_libngtcp2_crypto_wolfssl}" = "xno"; then
@@ -573,7 +573,7 @@ if test "x${have_ssl_provide_quic_data}" = "xyes" &&
test "x${have_boringssl_quic}" != "xyes" &&
test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_QUICTLS],
[libngtcp2_crypto_quictls >= 1.15.0],
[libngtcp2_crypto_quictls >= 1.16.0],
[have_libngtcp2_crypto_quictls=yes],
[have_libngtcp2_crypto_quictls=no])
if test "x${have_libngtcp2_crypto_quictls}" = "xno"; then
@@ -598,7 +598,7 @@ if test "x${have_ssl_provide_quic_data}" = "xyes" &&
test "x${have_libressl}" = "xyes" &&
test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_LIBRESSL],
[libngtcp2_crypto_libressl >= 1.15.0],
[libngtcp2_crypto_libressl >= 1.16.0],
[have_libngtcp2_crypto_libressl=yes],
[have_libngtcp2_crypto_libressl=no])
if test "x${have_libngtcp2_crypto_libressl}" = "xno"; then
@@ -643,7 +643,7 @@ have_libngtcp2_crypto_ossl=no
if test "x${have_ossl_quic}" = "xyes" &&
test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_OSSL],
[libngtcp2_crypto_ossl >= 1.15.0],
[libngtcp2_crypto_ossl >= 1.16.0],
[have_libngtcp2_crypto_ossl=yes],
[have_libngtcp2_crypto_ossl=no])
if test "x${have_libngtcp2_crypto_ossl}" = "xno"; then
@@ -663,7 +663,7 @@ fi
# nghttp3 (for src)
have_libnghttp3=no
if test "x${request_libnghttp3}" != "xno"; then
PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 1.11.0], [have_libnghttp3=yes],
PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 1.12.0], [have_libnghttp3=yes],
[have_libnghttp3=no])
if test "x${have_libnghttp3}" = "xno"; then
AC_MSG_NOTICE($LIBNGHTTP3_PKG_ERRORS)

@@ -111,7 +111,7 @@ The example follows::
``@struct`` is used to refer to the struct. Currently, only struct
typedefs are supported. The comment block is used for the document for
the struct type itself.To document each member, put comment block
the struct type itself. To document each member, put comment block
starting with the line ``/**`` and ending with the ``*/`` just before
the member. When the line starts with ``}`` is encountered, the
``mkapiref.py`` extracts strings next to ``}`` as the name of struct.

@@ -8,7 +8,7 @@ _nghttpd()
_get_comp_words_by_ref cur prev
case $cur in
-*)
COMPREPLY=( $( compgen -W '--address --daemon --verify-client --htdocs --verbose --no-tls --header-table-size --encoder-header-table-size --color --push --padding --max-concurrent-streams --workers --error-gzip --window-bits --connection-window-bits --dh-param-file --early-response --trailer --hexdump --echo-upload --mime-types-file --no-content-length --ktls --version --help ' -- "$cur" ) )
COMPREPLY=( $( compgen -W '--address --daemon --verify-client --htdocs --verbose --no-tls --header-table-size --encoder-header-table-size --color --push --padding --max-concurrent-streams --workers --error-gzip --window-bits --connection-window-bits --dh-param-file --early-response --trailer --hexdump --echo-upload --mime-types-file --no-content-length --groups --ktls --version --help ' -- "$cur" ) )
;;
*)
_filedir

@@ -8,7 +8,7 @@ _nghttpx()
_get_comp_words_by_ref cur prev
case $cur in
-*)
COMPREPLY=( $( compgen -W '--backend --frontend --backlog --backend-address-family --backend-http-proxy-uri --workers --single-thread --read-rate --read-burst --write-rate --write-burst --worker-read-rate --worker-read-burst --worker-write-rate --worker-write-burst --worker-frontend-connections --backend-connections-per-host --backend-connections-per-frontend --rlimit-nofile --rlimit-memlock --backend-request-buffer --backend-response-buffer --fastopen --no-kqueue --frontend-http2-idle-timeout --frontend-http3-idle-timeout --frontend-write-timeout --frontend-keep-alive-timeout --frontend-header-timeout --stream-read-timeout --stream-write-timeout --backend-read-timeout --backend-write-timeout --backend-connect-timeout --backend-keep-alive-timeout --listener-disable-timeout --frontend-http2-setting-timeout --backend-http2-settings-timeout --backend-max-backoff --ciphers --tls13-ciphers --client-ciphers --tls13-client-ciphers --ecdh-curves --insecure --cacert --private-key-passwd-file --subcert --dh-param-file --alpn-list --verify-client --verify-client-cacert --verify-client-tolerate-expired --client-private-key-file --client-cert-file --tls-min-proto-version --tls-max-proto-version --tls-ticket-key-file --tls-ticket-key-memcached --tls-ticket-key-memcached-address-family --tls-ticket-key-memcached-interval --tls-ticket-key-memcached-max-retry --tls-ticket-key-memcached-max-fail --tls-ticket-key-cipher --tls-ticket-key-memcached-cert-file --tls-ticket-key-memcached-private-key-file --tls-dyn-rec-warmup-threshold --tls-dyn-rec-idle-timeout --no-http2-cipher-block-list --client-no-http2-cipher-block-list --tls-sct-dir --psk-secrets --client-psk-secrets --tls-no-postpone-early-data --tls-max-early-data --tls-ktls --frontend-http2-max-concurrent-streams --backend-http2-max-concurrent-streams --frontend-http2-window-size --frontend-http2-connection-window-size --backend-http2-window-size --backend-http2-connection-window-size --http2-no-cookie-crumbling --padding 
--no-server-push --frontend-http2-optimize-write-buffer-size --frontend-http2-optimize-window-size --frontend-http2-encoder-dynamic-table-size --frontend-http2-decoder-dynamic-table-size --backend-http2-encoder-dynamic-table-size --backend-http2-decoder-dynamic-table-size --http2-proxy --log-level --accesslog-file --accesslog-syslog --accesslog-format --accesslog-write-early --errorlog-file --errorlog-syslog --syslog-facility --add-x-forwarded-for --strip-incoming-x-forwarded-for --no-add-x-forwarded-proto --no-strip-incoming-x-forwarded-proto --add-forwarded --strip-incoming-forwarded --forwarded-by --forwarded-for --no-via --no-strip-incoming-early-data --no-location-rewrite --host-rewrite --altsvc --http2-altsvc --add-request-header --add-response-header --request-header-field-buffer --max-request-header-fields --response-header-field-buffer --max-response-header-fields --error-page --server-name --no-server-rewrite --redirect-https-port --require-http-scheme --api-max-request-body --dns-cache-timeout --dns-lookup-timeout --dns-max-try --frontend-max-requests --frontend-http2-dump-request-header --frontend-http2-dump-response-header --frontend-frame-debug --daemon --pid-file --user --single-process --max-worker-processes --worker-process-grace-shutdown-period --mruby-file --ignore-per-pattern-mruby-error --frontend-quic-idle-timeout --frontend-quic-debug-log --quic-bpf-program-file --frontend-quic-early-data --frontend-quic-qlog-dir --frontend-quic-require-token --frontend-quic-congestion-controller --frontend-quic-secret-file --quic-server-id --frontend-quic-initial-rtt --no-quic-bpf --frontend-http3-window-size --frontend-http3-connection-window-size --frontend-http3-max-window-size --frontend-http3-max-connection-window-size --frontend-http3-max-concurrent-streams --conf --include --version --help ' -- "$cur" ) )
COMPREPLY=( $( compgen -W '--backend --frontend --backlog --backend-address-family --backend-http-proxy-uri --workers --single-thread --read-rate --read-burst --write-rate --write-burst --worker-read-rate --worker-read-burst --worker-write-rate --worker-write-burst --worker-frontend-connections --backend-connections-per-host --backend-connections-per-frontend --rlimit-nofile --rlimit-memlock --backend-request-buffer --backend-response-buffer --fastopen --no-kqueue --frontend-http2-idle-timeout --frontend-http3-idle-timeout --frontend-write-timeout --frontend-keep-alive-timeout --frontend-header-timeout --stream-read-timeout --stream-write-timeout --backend-read-timeout --backend-write-timeout --backend-connect-timeout --backend-keep-alive-timeout --listener-disable-timeout --frontend-http2-setting-timeout --backend-http2-settings-timeout --backend-max-backoff --ciphers --tls13-ciphers --client-ciphers --tls13-client-ciphers --groups --insecure --cacert --private-key-passwd-file --subcert --dh-param-file --alpn-list --verify-client --verify-client-cacert --verify-client-tolerate-expired --client-private-key-file --client-cert-file --tls-min-proto-version --tls-max-proto-version --tls-ticket-key-file --tls-ticket-key-memcached --tls-ticket-key-memcached-address-family --tls-ticket-key-memcached-interval --tls-ticket-key-memcached-max-retry --tls-ticket-key-memcached-max-fail --tls-ticket-key-cipher --tls-ticket-key-memcached-cert-file --tls-ticket-key-memcached-private-key-file --tls-dyn-rec-warmup-threshold --tls-dyn-rec-idle-timeout --no-http2-cipher-block-list --client-no-http2-cipher-block-list --tls-sct-dir --psk-secrets --client-psk-secrets --tls-no-postpone-early-data --tls-max-early-data --tls-ktls --frontend-http2-max-concurrent-streams --backend-http2-max-concurrent-streams --frontend-http2-window-size --frontend-http2-connection-window-size --backend-http2-window-size --backend-http2-connection-window-size --http2-no-cookie-crumbling --padding 
--no-server-push --frontend-http2-optimize-write-buffer-size --frontend-http2-optimize-window-size --frontend-http2-encoder-dynamic-table-size --frontend-http2-decoder-dynamic-table-size --backend-http2-encoder-dynamic-table-size --backend-http2-decoder-dynamic-table-size --http2-proxy --log-level --accesslog-file --accesslog-syslog --accesslog-format --accesslog-write-early --errorlog-file --errorlog-syslog --syslog-facility --add-x-forwarded-for --strip-incoming-x-forwarded-for --no-add-x-forwarded-proto --no-strip-incoming-x-forwarded-proto --add-forwarded --strip-incoming-forwarded --forwarded-by --forwarded-for --no-via --no-strip-incoming-early-data --no-location-rewrite --host-rewrite --altsvc --http2-altsvc --add-request-header --add-response-header --request-header-field-buffer --max-request-header-fields --response-header-field-buffer --max-response-header-fields --error-page --server-name --no-server-rewrite --redirect-https-port --require-http-scheme --api-max-request-body --dns-cache-timeout --dns-lookup-timeout --dns-max-try --frontend-max-requests --frontend-http2-dump-request-header --frontend-http2-dump-response-header --frontend-frame-debug --daemon --pid-file --user --single-process --max-worker-processes --worker-process-grace-shutdown-period --mruby-file --ignore-per-pattern-mruby-error --frontend-quic-idle-timeout --frontend-quic-debug-log --quic-bpf-program-file --frontend-quic-early-data --frontend-quic-qlog-dir --frontend-quic-require-token --frontend-quic-congestion-controller --frontend-quic-secret-file --quic-server-id --frontend-quic-initial-rtt --no-quic-bpf --frontend-http3-window-size --frontend-http3-connection-window-size --frontend-http3-max-window-size --frontend-http3-max-connection-window-size --frontend-http3-max-concurrent-streams --conf --include --version --help ' -- "$cur" ) )
;;
*)
_filedir

View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "H2LOAD" "1" "Sep 15, 2025" "1.67.1" "nghttp2"
.TH "H2LOAD" "1" "Mar 18, 2026" "1.68.1" "nghttp2"
.SH NAME
h2load \- HTTP/2 benchmarking tool
.SH SYNOPSIS
@@ -109,9 +109,9 @@ Default: \fB16K\fP
.TP
.B \-w, \-\-window\-bits=<N>
Sets the stream level initial window size to (2**<N>)\-1.
For QUIC, <N> is capped to 26 (roughly 64MiB).
.sp
Default: \fB30\fP
For QUIC, <N> is capped to 26 (roughly 64MiB). It
defaults to 24 (16MiB) for QUIC, and 30 for other
protocols.
.UNINDENT
.INDENT 0.0
.TP
@@ -388,7 +388,7 @@ The number of requests completed.
.TP
.B succeeded
The number of requests completed successfully. Only HTTP status
code 2xx or3xx are considered as success.
code 2xx or 3xx are considered as success.
.TP
.B failed
The number of requests failed, including HTTP level failures

View File

@@ -83,9 +83,9 @@ OPTIONS
.. option:: -w, --window-bits=<N>
Sets the stream level initial window size to (2\*\*<N>)-1.
For QUIC, <N> is capped to 26 (roughly 64MiB).
Default: ``30``
For QUIC, <N> is capped to 26 (roughly 64MiB). It
defaults to 24 (16MiB) for QUIC, and 30 for other
protocols.
.. option:: -W, --connection-window-bits=<N>
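Review bot: The `-w` entry no longer has a separate Default line, because the default is now folded into the description sentence where the removed text had ``Default: ``30````. Keep a Default line below the description that states both values, 24 for QUIC and 30 for other protocols, so the default can still be found by scanning.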
@@ -331,7 +331,7 @@ requests
The number of requests completed.
succeeded
The number of requests completed successfully. Only HTTP status
code 2xx or3xx are considered as success.
code 2xx or 3xx are considered as success.
failed
The number of requests failed, including HTTP level failures
(non-successful HTTP status code).

View File

@@ -12,7 +12,7 @@ requests
The number of requests completed.
succeeded
The number of requests completed successfully. Only HTTP status
code 2xx or3xx are considered as success.
code 2xx or 3xx are considered as success.
failed
The number of requests failed, including HTTP level failures
(non-successful HTTP status code).

View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NGHTTP" "1" "Sep 15, 2025" "1.67.1" "nghttp2"
.TH "NGHTTP" "1" "Mar 18, 2026" "1.68.1" "nghttp2"
.SH NAME
nghttp \- HTTP/2 client
.SH SYNOPSIS

View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NGHTTPD" "1" "Sep 15, 2025" "1.67.1" "nghttp2"
.TH "NGHTTPD" "1" "Mar 18, 2026" "1.68.1" "nghttp2"
.SH NAME
nghttpd \- HTTP/2 server
.SH SYNOPSIS
@@ -204,6 +204,13 @@ Don\(aqt send content\-length header field.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-groups=<GROUPS>
Specify the supported groups.
.sp
Default: \fBX25519:P\-256:P\-384:P\-521\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-ktls
Enable ktls.
.UNINDENT

View File

@@ -159,6 +159,12 @@ OPTIONS
Don't send content-length header field.
.. option:: --groups=<GROUPS>
Specify the supported groups.
Default: ``X25519:P-256:P-384:P-521``
.. option:: --ktls
Enable ktls.
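Review bot: The new `--groups` entry gives no format for <GROUPS>; "Specify the supported groups." is the whole description. The default shown, `X25519:P-256:P-384:P-521`, implies a colon separated list in preference order, which the nghttpx `--groups` text states explicitly. Say the same here, and note that the accepted names depend on the linked TLS library.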

View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NGHTTPX" "1" "Sep 15, 2025" "1.67.1" "nghttp2"
.TH "NGHTTPX" "1" "Mar 18, 2026" "1.68.1" "nghttp2"
.SH NAME
nghttpx \- HTTP/2 proxy
.SH SYNOPSIS
@@ -687,8 +687,8 @@ Default: \fB2m\fP
.B \-\-ciphers=<SUITE>
Set allowed cipher list for frontend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.2 or earlier.
Use \fI\%\-\-tls13\-ciphers\fP for TLSv1.3.
This option sets cipher suites for TLSv1.2. Use
\fI\%\-\-tls13\-ciphers\fP for TLSv1.3.
.sp
Default: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384\fP
.UNINDENT
@@ -698,7 +698,7 @@ Default: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:EC
Set allowed cipher list for frontend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.3. Use
\fI\%\-\-ciphers\fP for TLSv1.2 or earlier.
\fI\%\-\-ciphers\fP for TLSv1.2.
.sp
Default: \fBTLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256\fP
.UNINDENT
@@ -707,8 +707,8 @@ Default: \fBTLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_
.B \-\-client\-ciphers=<SUITE>
Set allowed cipher list for backend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.2 or earlier.
Use \fI\%\-\-tls13\-client\-ciphers\fP for TLSv1.3.
This option sets cipher suites for TLSv1.2. Use
\fI\%\-\-tls13\-client\-ciphers\fP for TLSv1.3.
.sp
Default: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384\fP
.UNINDENT
@@ -718,15 +718,15 @@ Default: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:EC
Set allowed cipher list for backend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.3. Use
\fI\%\-\-tls13\-client\-ciphers\fP for TLSv1.2 or earlier.
\fI\%\-\-client\-ciphers\fP for TLSv1.2.
.sp
Default: \fBTLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-ecdh\-curves=<LIST>
Set supported curve list for frontend connections.
<LIST> is a colon separated list of curve NID or names
.B \-\-groups=<LIST>
Set the supported group list for frontend connections.
<LIST> is a colon separated list of group NID or names
in the preference order. The supported curves depend on
the linked OpenSSL library. This function requires
OpenSSL >= 1.0.2.
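Review bot: The unchanged context under the renamed `--groups` option still reads "The supported curves depend on the linked OpenSSL library" and "This function requires OpenSSL >= 1.0.2", so the entry mixes curve and group terminology and keeps a version floor written for the old option. Update those two sentences as well, and state whether `--ecdh-curves` is still accepted as an alias, since operators with existing configurations need to know before upgrading. The corrected cross-reference from `--tls13-client-ciphers` to `--client-ciphers` at the top of the hunk looks right.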
@@ -762,12 +762,12 @@ password protected it\(aqll be requested interactively.
Specify additional certificate and private key file.
nghttpx will choose certificates based on the hostname
indicated by client using TLS SNI extension. If nghttpx
is built with OpenSSL >= 1.0.2, the shared elliptic
curves (e.g., P\-256) between client and server are also
taken into consideration. This allows nghttpx to send
ECDSA certificate to modern clients, while sending RSA
based certificate to older clients. This option can be
used multiple times.
is built with OpenSSL >= 1.0.2, the signature algorithms
(e.g., ECDSA+SHA256) presented by client are also taken
into consideration. This allows nghttpx to send ML\-DSA
or ECDSA certificate to modern clients, while sending
RSA based certificate to older clients. This option can
be used multiple times.
.sp
Additional parameter can be specified in <PARAM>. The
available <PARAM> is \(dqsct\-dir=<DIR>\(dq.
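Review bot: The rewritten `--subcert` sentence keeps the condition "built with OpenSSL >= 1.0.2" but now promises ML-DSA certificate selection, which no library of that vintage provides. State the library requirement that actually applies to selection by signature algorithm, or drop the version clause, so operators do not assume an ML-DSA certificate will be chosen on an older build.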
@@ -836,12 +836,8 @@ done in case\-insensitive manner. The versions between
\fI\%\-\-tls\-min\-proto\-version\fP and \fI\%\-\-tls\-max\-proto\-version\fP are
enabled. If the protocol list advertised by client does
not overlap this range, you will receive the error
message \(dqunknown protocol\(dq. If a protocol version lower
than TLSv1.2 is specified, make sure that the compatible
ciphers are included in \fI\%\-\-ciphers\fP option. The default
cipher list only includes ciphers compatible with
TLSv1.2 or above. The available versions are:
TLSv1.3, TLSv1.2, TLSv1.1, and TLSv1.0
message \(dqunknown protocol\(dq. The available versions are:
TLSv1.3 and TLSv1.2
.sp
Default: \fBTLSv1.2\fP
.UNINDENT
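Review bot: The text does not say what happens when an existing configuration still passes TLSv1.1 or TLSv1.0 to `--tls-min-proto-version`, now that both are gone from the list of available versions. Add a sentence stating the behaviour (for example, that the value is rejected at startup) so the removal is visible to operators who upgrade with an old configuration file.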
@@ -854,7 +850,7 @@ done in case\-insensitive manner. The versions between
enabled. If the protocol list advertised by client does
not overlap this range, you will receive the error
message \(dqunknown protocol\(dq. The available versions are:
TLSv1.3, TLSv1.2, TLSv1.1, and TLSv1.0
TLSv1.3 and TLSv1.2
.sp
Default: \fBTLSv1.3\fP
.UNINDENT

View File

@@ -643,8 +643,8 @@ SSL/TLS
Set allowed cipher list for frontend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.2 or earlier.
Use :option:`--tls13-ciphers` for TLSv1.3.
This option sets cipher suites for TLSv1.2. Use
:option:`--tls13-ciphers` for TLSv1.3.
Default: ``ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384``
@@ -653,7 +653,7 @@ SSL/TLS
Set allowed cipher list for frontend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.3. Use
:option:`--ciphers` for TLSv1.2 or earlier.
:option:`--ciphers` for TLSv1.2.
Default: ``TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256``
@@ -661,8 +661,8 @@ SSL/TLS
Set allowed cipher list for backend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.2 or earlier.
Use :option:`--tls13-client-ciphers` for TLSv1.3.
This option sets cipher suites for TLSv1.2. Use
:option:`--tls13-client-ciphers` for TLSv1.3.
Default: ``ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384``
@@ -671,14 +671,14 @@ SSL/TLS
Set allowed cipher list for backend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.3. Use
:option:`--tls13-client-ciphers` for TLSv1.2 or earlier.
:option:`--client-ciphers` for TLSv1.2.
Default: ``TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256``
.. option:: --ecdh-curves=<LIST>
.. option:: --groups=<LIST>
Set supported curve list for frontend connections.
<LIST> is a colon separated list of curve NID or names
Set the supported group list for frontend connections.
<LIST> is a colon separated list of group NID or names
in the preference order. The supported curves depend on
the linked OpenSSL library. This function requires
OpenSSL >= 1.0.2.
@@ -710,12 +710,12 @@ SSL/TLS
Specify additional certificate and private key file.
nghttpx will choose certificates based on the hostname
indicated by client using TLS SNI extension. If nghttpx
is built with OpenSSL >= 1.0.2, the shared elliptic
curves (e.g., P-256) between client and server are also
taken into consideration. This allows nghttpx to send
ECDSA certificate to modern clients, while sending RSA
based certificate to older clients. This option can be
used multiple times.
is built with OpenSSL >= 1.0.2, the signature algorithms
(e.g., ECDSA+SHA256) presented by client are also taken
into consideration. This allows nghttpx to send ML-DSA
or ECDSA certificate to modern clients, while sending
RSA based certificate to older clients. This option can
be used multiple times.
Additional parameter can be specified in <PARAM>. The
available <PARAM> is "sct-dir=<DIR>".
@@ -776,12 +776,8 @@ SSL/TLS
:option:`--tls-min-proto-version` and :option:`\--tls-max-proto-version` are
enabled. If the protocol list advertised by client does
not overlap this range, you will receive the error
message "unknown protocol". If a protocol version lower
than TLSv1.2 is specified, make sure that the compatible
ciphers are included in :option:`--ciphers` option. The default
cipher list only includes ciphers compatible with
TLSv1.2 or above. The available versions are:
TLSv1.3, TLSv1.2, TLSv1.1, and TLSv1.0
message "unknown protocol". The available versions are:
TLSv1.3 and TLSv1.2
Default: ``TLSv1.2``
@@ -793,7 +789,7 @@ SSL/TLS
enabled. If the protocol list advertised by client does
not overlap this range, you will receive the error
message "unknown protocol". The available versions are:
TLSv1.3, TLSv1.2, TLSv1.1, and TLSv1.0
TLSv1.3 and TLSv1.2
Default: ``TLSv1.3``

View File

@@ -9,7 +9,7 @@ RUN apt-get update && \
zlib1g-dev libev-dev libjemalloc-dev ruby-dev libc-ares-dev bison \
libelf-dev libbrotli-dev
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.58.1 https://github.com/aws/aws-lc && \
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.62.0 https://github.com/aws/aws-lc && \
cd aws-lc && \
export CC=clang-19 CXX=clang++-19 && \
cmake -B build -DDISABLE_GO=ON && \
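Review bot: The aws-lc clone is pinned only by tag name (`-b v1.62.0`), and the nghttp3 and ngtcp2 clones in the following hunks use the same pattern. A tag can be moved upstream, so the image build is not reproducible and has no integrity check on the source it compiles. Consider checking out a full commit hash after the clone, or comparing the fetched HEAD against an expected hash before building.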
@@ -18,7 +18,7 @@ RUN git clone --recursive --shallow-submodules --depth 1 -b v1.58.1 https://gith
cd .. && \
rm -rf aws-lc
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.11.0 https://github.com/ngtcp2/nghttp3 && \
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.12.0 https://github.com/ngtcp2/nghttp3 && \
cd nghttp3 && \
autoreconf -i && \
./configure --disable-dependency-tracking --enable-lib-only \
@@ -28,7 +28,7 @@ RUN git clone --recursive --shallow-submodules --depth 1 -b v1.11.0 https://gith
cd .. && \
rm -rf nghttp3
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.15.1 https://github.com/ngtcp2/ngtcp2 && \
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.17.0 https://github.com/ngtcp2/ngtcp2 && \
cd ngtcp2 && \
autoreconf -i && \
./configure --disable-dependency-tracking --enable-lib-only \

View File

@@ -28,26 +28,26 @@
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <inttypes.h>
#include <stdlib.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#endif /* defined(HAVE_UNISTD_H) */
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif /* HAVE_FCNTL_H */
#endif /* defined(HAVE_FCNTL_H) */
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif /* HAVE_SYS_SOCKET_H */
#endif /* defined(HAVE_SYS_SOCKET_H) */
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif /* HAVE_NETDB_H */
#endif /* defined(HAVE_NETDB_H) */
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif /* HAVE_NETINET_IN_H */
#endif /* defined(HAVE_NETINET_IN_H) */
#include <netinet/tcp.h>
#include <poll.h>
#include <signal.h>

View File

@@ -24,7 +24,7 @@
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* !HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <stdio.h>
#include <string.h>

View File

@@ -31,26 +31,26 @@
}
# define warnx(format, args...) fprintf(stderr, format "\n", ##args)
char *strndup(const char *s, size_t size);
#endif
#endif /* defined(__sgi) */
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <sys/types.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#endif /* defined(HAVE_UNISTD_H) */
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif /* HAVE_SYS_SOCKET_H */
#endif /* defined(HAVE_SYS_SOCKET_H) */
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif /* HAVE_NETINET_IN_H */
#endif /* defined(HAVE_NETINET_IN_H) */
#include <netinet/tcp.h>
#ifndef __sgi
# include <err.h>
#endif
#endif /* !defined(__sgi) */
#include <signal.h>
#include <string.h>

View File

@@ -30,35 +30,35 @@
}
# define warn(format, args...) warnx(format ": %s", ##args, strerror(errno))
# define warnx(format, args...) fprintf(stderr, format "\n", ##args)
#endif
#endif /* defined(__sgi) */
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif /* HAVE_SYS_SOCKET_H */
#endif /* defined(HAVE_SYS_SOCKET_H) */
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif /* HAVE_NETDB_H */
#endif /* defined(HAVE_NETDB_H) */
#include <signal.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#endif /* defined(HAVE_UNISTD_H) */
#include <sys/stat.h>
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif /* HAVE_FCNTL_H */
#endif /* defined(HAVE_FCNTL_H) */
#include <ctype.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif /* HAVE_NETINET_IN_H */
#endif /* defined(HAVE_NETINET_IN_H) */
#include <netinet/tcp.h>
#ifndef __sgi
# include <err.h>
#endif
#endif /* !defined(__sgi) */
#include <string.h>
#include <errno.h>
@@ -136,11 +136,11 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
SSL_OP_NO_COMPRESSION |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (SSL_CTX_set1_curves_list(ssl_ctx, "P-256") != 1) {
errx(1, "SSL_CTX_set1_curves_list failed: %s",
if (SSL_CTX_set1_groups_list(ssl_ctx, "P-256") != 1) {
errx(1, "SSL_CTX_set1_groups_list failed: %s",
ERR_error_string(ERR_get_error(), NULL));
}
#else /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
{
EC_KEY *ecdh;
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
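Review bot: `SSL_CTX_set1_groups_list(ssl_ctx, "P-256")` leaves the example server offering a single group, while the nghttpd manual updated in this same change documents `X25519:P-256:P-384:P-521` as the default for `--groups`. If the narrower list is intentional for the example, add a comment saying so; otherwise align the string with the documented default so that code copied from the example does not end up less interoperable than the shipped tools.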
@@ -151,7 +151,7 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
EC_KEY_free(ecdh);
}
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x30000000L) */
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, key_file, SSL_FILETYPE_PEM) != 1) {
errx(1, "Could not read private key file %s", key_file);
@@ -727,7 +727,7 @@ static void start_listen(struct event_base *evbase, const char *service,
hints.ai_flags = AI_PASSIVE;
#ifdef AI_ADDRCONFIG
hints.ai_flags |= AI_ADDRCONFIG;
#endif /* AI_ADDRCONFIG */
#endif /* defined(AI_ADDRCONFIG) */
rv = getaddrinfo(NULL, service, &hints, &res);
if (rv != 0) {

View File

@@ -204,6 +204,7 @@ OPTIONS = [
"frontend-header-timeout",
"frontend-http2-idle-timeout",
"frontend-http3-idle-timeout",
"groups",
]
LOGVARS = [

17
go.mod
View File

@@ -4,18 +4,17 @@ go 1.24.0
require (
github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874
github.com/quic-go/quic-go v0.54.0
github.com/quic-go/quic-go v0.55.0
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20240121064059-46ccb0a462a8
golang.org/x/net v0.43.0
golang.org/x/net v0.46.0
)
require (
github.com/quic-go/qpack v0.5.1 // indirect
go.uber.org/mock v0.5.0 // indirect
golang.org/x/crypto v0.41.0 // indirect
golang.org/x/mod v0.26.0 // indirect
golang.org/x/sync v0.16.0 // indirect
golang.org/x/sys v0.35.0 // indirect
golang.org/x/text v0.28.0 // indirect
golang.org/x/tools v0.35.0 // indirect
golang.org/x/crypto v0.43.0 // indirect
golang.org/x/mod v0.28.0 // indirect
golang.org/x/sync v0.17.0 // indirect
golang.org/x/sys v0.37.0 // indirect
golang.org/x/text v0.30.0 // indirect
golang.org/x/tools v0.37.0 // indirect
)

36
go.sum
View File

@@ -8,27 +8,27 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQBg=
github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
github.com/quic-go/quic-go v0.55.0 h1:zccPQIqYCXDt5NmcEabyYvOnomjs8Tlwl7tISjJh9Mk=
github.com/quic-go/quic-go v0.55.0/go.mod h1:DR51ilwU1uE164KuWXhinFcKWGlEjzys2l8zUl5Ss1U=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20240121064059-46ccb0a462a8 h1:zKJxuRe+a0O34V81GAZWOrotuU6mveT30QLjJ7OPMMg=
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20240121064059-46ccb0a462a8/go.mod h1:gTqc3Q4boc+cKRlSFywTYdX9t6VGRcsThlNIWwaL3Dc=
go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
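Review bot: go.sum and go.mod disagree on the face of it: go.sum gains `go.uber.org/mock v0.5.2` entries, while the go.mod hunk removes the `go.uber.org/mock v0.5.0 // indirect` requirement without adding a replacement. Please confirm both files are the unedited output of `go mod tidy` and that `go mod verify` passes, so the checksum file matches the module graph that is actually built.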

View File

@@ -27,8 +27,8 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#endif /* NGHTTP2_ALPN_H */
#endif /* !defined(NGHTTP2_ALPN_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -409,4 +409,4 @@ int nghttp2_bufs_next_present(nghttp2_bufs *bufs);
*/
size_t nghttp2_bufs_len(nghttp2_bufs *bufs);
#endif /* NGHTTP2_BUF_H */
#endif /* !defined(NGHTTP2_BUF_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -154,4 +154,4 @@ struct nghttp2_session_callbacks {
nghttp2_rand_callback rand_callback;
};
#endif /* NGHTTP2_CALLBACKS_H */
#endif /* !defined(NGHTTP2_CALLBACKS_H) */

View File

@@ -50,11 +50,11 @@ void nghttp2_set_debug_vprintf_callback(
static_debug_vprintf_callback = debug_vprintf_callback;
}
#else /* !DEBUGBUILD */
#else /* !defined(DEBUGBUILD) */
void nghttp2_set_debug_vprintf_callback(
nghttp2_debug_vprintf_callback debug_vprintf_callback) {
(void)debug_vprintf_callback;
}
#endif /* !DEBUGBUILD */
#endif /* !defined(DEBUGBUILD) */

View File

@@ -27,17 +27,17 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#ifdef DEBUGBUILD
# define DEBUGF(...) nghttp2_debug_vprintf(__VA_ARGS__)
void nghttp2_debug_vprintf(const char *format, ...);
#else
#else /* !defined(DEBUGBUILD) */
# define DEBUGF(...) \
do { \
} while (0)
#endif
#endif /* !defined(DEBUGBUILD) */
#endif /* NGHTTP2_DEBUG_H */
#endif /* !defined(NGHTTP2_DEBUG_H) */

View File

@@ -28,7 +28,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -62,4 +62,4 @@ void nghttp2_extpri_from_uint8(nghttp2_extpri *extpri, uint8_t u8extpri);
*/
#define nghttp2_extpri_uint8_inc(PRI) (((PRI) & NGHTTP2_EXTPRI_INC_MASK) != 0)
#endif /* NGHTTP2_EXTPRI_H */
#endif /* !defined(NGHTTP2_EXTPRI_H) */

View File

@@ -750,6 +750,16 @@ void nghttp2_frame_unpack_altsvc_payload(nghttp2_extension *frame,
uint8_t *p;
altsvc = frame->payload;
if (payloadlen == 0) {
altsvc->origin = NULL;
altsvc->origin_len = 0;
altsvc->field_value = NULL;
altsvc->field_value_len = 0;
return;
}
p = payload;
altsvc->origin = p;
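Review bot: Consumers of this structure can now see `altsvc->origin` and `altsvc->field_value` as NULL from the `payloadlen == 0` branch, and nothing in the hunk documents that. State in the function comment that both pointers may be NULL when their lengths are 0, and check that code which passes them on (to `memcpy` or to a user callback, for instance) tolerates a NULL pointer with zero length. A unit test that unpacks a zero-length payload would pin the behaviour down.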

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#include "nghttp2_hd.h"
@@ -634,4 +634,4 @@ int nghttp2_iv_check(const nghttp2_settings_entry *iv, size_t niv);
void nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd,
size_t padlen, int framehd_only);
#endif /* NGHTTP2_FRAME_H */
#endif /* !defined(NGHTTP2_FRAME_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -439,4 +439,4 @@ nghttp2_ssize nghttp2_hd_huff_decode(nghttp2_hd_huff_decode_context *ctx,
*/
int nghttp2_hd_huff_decode_failure_state(nghttp2_hd_huff_decode_context *ctx);
#endif /* NGHTTP2_HD_H */
#endif /* !defined(NGHTTP2_HD_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -69,4 +69,4 @@ typedef struct {
extern const nghttp2_huff_sym huff_sym_table[];
extern const nghttp2_huff_decode huff_decode_table[][16];
#endif /* NGHTTP2_HD_HUFFMAN_H */
#endif /* !defined(NGHTTP2_HD_HUFFMAN_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <string.h>
#include <stddef.h>
@@ -142,4 +142,4 @@ int nghttp2_should_send_window_update(int32_t local_window_size,
*/
uint8_t *nghttp2_cpymem(uint8_t *dest, const void *src, size_t len);
#endif /* NGHTTP2_HELPER_H */
#endif /* !defined(NGHTTP2_HELPER_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#include "nghttp2_session.h"
@@ -97,4 +97,4 @@ void nghttp2_http_record_request_method(nghttp2_stream *stream,
int nghttp2_http_parse_priority(nghttp2_extpri *dest, const uint8_t *value,
size_t valuelen);
#endif /* NGHTTP2_HTTP_H */
#endif /* !defined(NGHTTP2_HTTP_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -59,4 +59,4 @@ typedef enum {
NGHTTP2_ERR_PUSH_CANCEL = -107,
} nghttp2_internal_error;
#endif /* NGHTTP2_INT_H */
#endif /* !defined(NGHTTP2_INT_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -42,4 +42,4 @@ void nghttp2_mem_free2(nghttp2_free free_func, void *ptr, void *mem_user_data);
void *nghttp2_mem_calloc(nghttp2_mem *mem, size_t nmemb, size_t size);
void *nghttp2_mem_realloc(nghttp2_mem *mem, void *ptr, size_t size);
#endif /* NGHTTP2_MEM_H */
#endif /* !defined(NGHTTP2_MEM_H) */

View File

@@ -27,28 +27,28 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif /* HAVE_ARPA_INET_H */
#endif /* defined(HAVE_ARPA_INET_H) */
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif /* HAVE_NETINET_IN_H */
#endif /* defined(HAVE_NETINET_IN_H) */
#include <nghttp2/nghttp2.h>
#if defined(WIN32)
#ifdef WIN32
/* Windows requires ws2_32 library for ntonl family functions. We
define inline functions for those function so that we don't have
dependency on that lib. */
# ifdef _MSC_VER
# define STIN static __inline
# else
# else /* !defined(_MSC_VER) */
# define STIN static inline
# endif
# endif /* !defined(_MSC_VER) */
STIN uint32_t htonl(uint32_t hostlong) {
uint32_t res;
@@ -86,6 +86,6 @@ STIN uint16_t ntohs(uint16_t netshort) {
return res;
}
#endif /* WIN32 */
#endif /* defined(WIN32) */
#endif /* NGHTTP2_NET_H */
#endif /* !defined(NGHTTP2_NET_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -160,4 +160,4 @@ struct nghttp2_option {
uint8_t user_recv_ext_types[32];
};
#endif /* NGHTTP2_OPTION_H */
#endif /* !defined(NGHTTP2_OPTION_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#include "nghttp2_frame.h"
@@ -186,4 +186,4 @@ void nghttp2_outbound_queue_pop(nghttp2_outbound_queue *q);
/* Returns the size of the queue */
#define nghttp2_outbound_queue_size(Q) ((Q)->n)
#endif /* NGHTTP2_OUTBOUND_ITEM_H */
#endif /* !defined(NGHTTP2_OUTBOUND_ITEM_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#include "nghttp2_int.h"
@@ -121,4 +121,4 @@ int nghttp2_pq_each(nghttp2_pq *pq, nghttp2_pq_item_cb fun, void *arg);
*/
void nghttp2_pq_remove(nghttp2_pq *pq, nghttp2_pq_entry *item);
#endif /* NGHTTP2_PQ_H */
#endif /* !defined(NGHTTP2_PQ_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -39,4 +39,4 @@
*/
void nghttp2_priority_spec_normalize_weight(nghttp2_priority_spec *pri_spec);
#endif /* NGHTTP2_PRIORITY_SPEC_H */
#endif /* !defined(NGHTTP2_PRIORITY_SPEC_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -48,4 +48,4 @@ void *nghttp2_queue_front(nghttp2_queue *queue);
void *nghttp2_queue_back(nghttp2_queue *queue);
int nghttp2_queue_empty(nghttp2_queue *queue);
#endif /* NGHTTP2_QUEUE_H */
#endif /* !defined(NGHTTP2_QUEUE_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -54,4 +54,4 @@ void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp);
succeeds, or -1. */
int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n);
#endif /* NGHTTP2_RATELIM_H */
#endif /* !defined(NGHTTP2_RATELIM_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -77,4 +77,4 @@ int nghttp2_rcbuf_new2(nghttp2_rcbuf **rcbuf_ptr, const uint8_t *src,
*/
void nghttp2_rcbuf_del(nghttp2_rcbuf *rcbuf);
#endif /* NGHTTP2_RCBUF_H */
#endif /* !defined(NGHTTP2_RCBUF_H) */

View File

@@ -5466,6 +5466,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
busy = 1;
rv = session_on_data_received_fail_fast(session);
if (nghttp2_is_fatal(rv)) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
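Review bot: The pair of checks after `session_on_data_received_fail_fast()` (return on `nghttp2_is_fatal(rv)`, then return `inlen` when `iframe->state == NGHTTP2_IB_IGN_ALL`) is repeated by hand in the later hunks of this function, and a missed copy is the kind of defect this change repairs. Consider a small helper or macro for the sequence so a new call site cannot omit the state check. Placing the fatal check ahead of the state check is the right order, since a fatal `rv` must not be masked by the `inlen` return.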
@@ -5486,10 +5490,6 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
break;
}
if (nghttp2_is_fatal(rv)) {
return rv;
}
rv = inbound_frame_handle_pad(iframe, &iframe->frame.hd);
if (rv < 0) {
rv = nghttp2_session_terminate_session_with_reason(
@@ -5573,6 +5573,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
on_begin_frame_called = 1;
rv = session_process_headers_frame(session);
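Review bot: The added `if (iframe->state == NGHTTP2_IB_IGN_ALL) { return (nghttp2_ssize)inlen; }` ahead of `on_begin_frame_called = 1` carries no comment explaining why the whole input is reported as consumed, and the same three lines recur at many sites in nghttp2_session_mem_recv2 across this diff. A one-line comment at the check, or a small helper or macro shared by all sites, would make it harder for a future call that can change iframe->state to be added without the matching check.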
@@ -5654,7 +5658,7 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
DEBUGF("recv: WINDOW_UPDATE\n");
break;
}
#endif /* DEBUGBUILD */
#endif /* defined(DEBUGBUILD) */
iframe->frame.hd.flags = NGHTTP2_FLAG_NONE;
@@ -5838,6 +5842,16 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
case NGHTTP2_ALTSVC:
if ((session->builtin_recv_ext_types & NGHTTP2_TYPEMASK_ALTSVC) ==
0) {
/* Receiving too frequent unknown frames is suspicious. */
rv = session_update_glitch_ratelim(session);
if (rv != 0) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
busy = 1;
iframe->state = NGHTTP2_IB_IGN_PAYLOAD;
break;
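Review bot: The return-value test after `session_update_glitch_ratelim(session)` in the NGHTTP2_ALTSVC branch is `if (rv != 0)`, while the other early returns in this function test `nghttp2_is_fatal(rv)`. If session_update_glitch_ratelim can only return 0 or a fatal error, a short comment saying so would help; otherwise a non-fatal negative value would be handed straight back to the caller of nghttp2_session_mem_recv2. The same applies to the ALTSVC server, ORIGIN and PRIORITY_UPDATE branches that repeat these lines.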
@@ -5849,6 +5863,17 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
iframe->frame.ext.payload = &iframe->ext_frame_payload.altsvc;
if (session->server) {
/* Receiving too frequent ALTSVC from client is
suspicious. */
rv = session_update_glitch_ratelim(session);
if (rv != 0) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
busy = 1;
iframe->state = NGHTTP2_IB_IGN_PAYLOAD;
break;
@@ -5868,6 +5893,16 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
break;
case NGHTTP2_ORIGIN:
if (!(session->builtin_recv_ext_types & NGHTTP2_TYPEMASK_ORIGIN)) {
/* Receiving too frequent unknown frames is suspicious. */
rv = session_update_glitch_ratelim(session);
if (rv != 0) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
busy = 1;
iframe->state = NGHTTP2_IB_IGN_PAYLOAD;
break;
@@ -5879,6 +5914,17 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
if (session->server || iframe->frame.hd.stream_id ||
(iframe->frame.hd.flags & 0xf0)) {
/* Receiving too frequent invalid frames is
suspicious. */
rv = session_update_glitch_ratelim(session);
if (rv != 0) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
busy = 1;
iframe->state = NGHTTP2_IB_IGN_PAYLOAD;
break;
@@ -5905,6 +5951,16 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
case NGHTTP2_PRIORITY_UPDATE:
if ((session->builtin_recv_ext_types &
NGHTTP2_TYPEMASK_PRIORITY_UPDATE) == 0) {
/* Receiving too frequent unknown frames is suspicious. */
rv = session_update_glitch_ratelim(session);
if (rv != 0) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
busy = 1;
iframe->state = NGHTTP2_IB_IGN_PAYLOAD;
break;
@@ -5989,6 +6045,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
if (nghttp2_is_fatal(rv)) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
}
}
@@ -6241,6 +6301,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
session_inbound_frame_reset(session);
break;
@@ -6263,7 +6327,7 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
} else {
DEBUGF("recv: [IB_IGN_HEADER_BLOCK]\n");
}
#endif /* DEBUGBUILD */
#endif /* defined(DEBUGBUILD) */
readlen = inbound_frame_payload_readlen(iframe, in, last);
@@ -6495,7 +6559,7 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
} else {
fprintf(stderr, "recv: [IB_IGN_CONTINUATION]\n");
}
#endif /* DEBUGBUILD */
#endif /* defined(DEBUGBUILD) */
if (++session->num_continuations > session->max_continuations) {
return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
@@ -6547,6 +6611,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
if (nghttp2_is_fatal(rv)) {
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
} else {
iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK;
}
@@ -6719,13 +6787,17 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
rv = session->callbacks.on_data_chunk_recv_callback(
session, iframe->frame.hd.flags, iframe->frame.hd.stream_id,
in - readlen, (size_t)data_readlen, session->user_data);
if (rv == NGHTTP2_ERR_PAUSE) {
return (nghttp2_ssize)(in - first);
}
if (nghttp2_is_fatal(rv)) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
if (rv == NGHTTP2_ERR_PAUSE) {
return (nghttp2_ssize)(in - first);
}
}
}
}
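Review bot: After `on_data_chunk_recv_callback`, the `NGHTTP2_ERR_PAUSE` test now sits below the `NGHTTP2_IB_IGN_ALL` check, so a callback that returns PAUSE while the session has entered IGN_ALL gets `inlen` back instead of `in - first` and the pause is silently dropped. That looks intentional, but it changes what a pausing application observes; please state the ordering in a comment here and cover the PAUSE plus IGN_ALL combination in the iframe->state tests.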
@@ -6809,6 +6881,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
if (rv != 0) {
busy = 1;
@@ -6827,6 +6903,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
session_inbound_frame_reset(session);
break;
@@ -6855,6 +6935,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
session_inbound_frame_reset(session);
break;

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#include "nghttp2_map.h"
@@ -892,4 +892,4 @@ int nghttp2_session_update_recv_stream_window_size(nghttp2_session *session,
size_t delta_size,
int send_window_update);
#endif /* NGHTTP2_SESSION_H */
#endif /* !defined(NGHTTP2_SESSION_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
#include "nghttp2_outbound_item.h"
@@ -294,4 +294,4 @@ void nghttp2_stream_attach_item(nghttp2_stream *stream,
*/
void nghttp2_stream_detach_item(nghttp2_stream *stream);
#endif /* NGHTTP2_STREAM */
#endif /* !defined(NGHTTP2_STREAM_H) */

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -37,4 +37,4 @@ int nghttp2_submit_data_shared(nghttp2_session *session, uint8_t flags,
int32_t stream_id,
const nghttp2_data_provider_wrap *dpw);
#endif /* NGHTTP2_SUBMIT_H */
#endif /* !defined(NGHTTP2_SUBMIT_H) */

View File

@@ -26,7 +26,7 @@
#ifdef HAVE_WINDOWS_H
# include <windows.h>
#endif /* HAVE_WINDOWS_H */
#endif /* defined(HAVE_WINDOWS_H) */
#include <time.h>
@@ -40,12 +40,11 @@ static uint64_t time_now_sec(void) {
return (uint64_t)t;
}
#endif /* !HAVE_GETTICKCOUNT64 || __CYGWIN__ */
#endif /* !defined(HAVE_GETTICKCOUNT64) || defined(__CYGWIN__) */
#if defined(HAVE_GETTICKCOUNT64) && !defined(__CYGWIN__)
uint64_t nghttp2_time_now_sec(void) { return GetTickCount64() / 1000; }
#elif defined(HAVE_CLOCK_GETTIME) && defined(HAVE_DECL_CLOCK_MONOTONIC) && \
HAVE_DECL_CLOCK_MONOTONIC
#elif defined(HAVE_CLOCK_GETTIME) && HAVE_DECL_CLOCK_MONOTONIC
uint64_t nghttp2_time_now_sec(void) {
struct timespec tp;
int rv = clock_gettime(CLOCK_MONOTONIC, &tp);
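Review bot: The simplified `#elif defined(HAVE_CLOCK_GETTIME) && HAVE_DECL_CLOCK_MONOTONIC` drops the `defined(HAVE_DECL_CLOCK_MONOTONIC)` guard, so it relies on every build system defining that macro to 0 or 1. Where it is left undefined the preprocessor still evaluates it as 0, but builds using -Wundef will warn; either keep the `defined()` test or note that all supported build configurations always define it.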
@@ -56,8 +55,8 @@ uint64_t nghttp2_time_now_sec(void) {
return (uint64_t)tp.tv_sec;
}
#else /* (!HAVE_CLOCK_GETTIME || !HAVE_DECL_CLOCK_MONOTONIC) && \
(!HAVE_GETTICKCOUNT64 || __CYGWIN__)) */
#else /* (!defined(HAVE_GETTICKCOUNT64) || !defined(__CYGWIN__)) && \
(!defined(HAVE_CLOCK_GETTIME) || !HAVE_DECL_CLOCK_MONOTONIC) */
uint64_t nghttp2_time_now_sec(void) { return time_now_sec(); }
#endif /* (!HAVE_CLOCK_GETTIME || !HAVE_DECL_CLOCK_MONOTONIC) && \
(!HAVE_GETTICKCOUNT64 || __CYGWIN__)) */
#endif /* (!defined(HAVE_GETTICKCOUNT64) || !defined(__CYGWIN__)) && \
(!defined(HAVE_CLOCK_GETTIME) || !HAVE_DECL_CLOCK_MONOTONIC) */
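Review bot: The rewritten `#else` and `#endif` comments say `(!defined(HAVE_GETTICKCOUNT64) || !defined(__CYGWIN__))`, which is not the negation of the `#if defined(HAVE_GETTICKCOUNT64) && !defined(__CYGWIN__)` above. The second term should read `defined(__CYGWIN__)`, matching the `#endif` comment a few lines earlier in this file (`!defined(HAVE_GETTICKCOUNT64) || defined(__CYGWIN__)`).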

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>
@@ -35,4 +35,4 @@
timepoint. If it is unable to get seconds, it returns 0. */
uint64_t nghttp2_time_now_sec(void);
#endif /* NGHTTP2_TIME_H */
#endif /* !defined(NGHTTP2_TIME_H) */

View File

@@ -24,7 +24,7 @@
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <nghttp2/nghttp2.h>

View File

@@ -31,10 +31,8 @@
#include <string>
#ifdef HAVE_LIBXML2
# include <libxml/HTMLparser.h>
#endif // HAVE_LIBXML2
#endif // defined(HAVE_LIBXML2)
namespace nghttp2 {
@@ -72,7 +70,7 @@ private:
ParserData parser_data_;
};
#else // !HAVE_LIBXML2
#else // !defined(HAVE_LIBXML2)
class HtmlParser {
public:
@@ -87,8 +85,8 @@ private:
std::vector<std::pair<std::string, ResourceType>> links_;
};
#endif // !HAVE_LIBXML2
#endif // !defined(HAVE_LIBXML2)
} // namespace nghttp2
#endif // HTML_PARSER_H
#endif // !defined(HTML_PARSER_H)

View File

@@ -27,23 +27,23 @@
#include <sys/stat.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif // HAVE_NETDB_H
#endif // defined(HAVE_NETDB_H)
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif // HAVE_FCNTL_H
#endif // defined(HAVE_FCNTL_H)
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif // HAVE_NETINET_IN_H
#endif // defined(HAVE_NETINET_IN_H)
#include <netinet/tcp.h>
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif // HAVE_ARPA_INET_H
#endif // defined(HAVE_ARPA_INET_H)
#include <cassert>
#include <unordered_set>
@@ -58,13 +58,13 @@
# include <wolfssl/options.h>
# include <wolfssl/openssl/err.h>
# include <wolfssl/openssl/dh.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/err.h>
# include <openssl/dh.h>
# if OPENSSL_3_0_0_API
# include <openssl/decoder.h>
# endif // OPENSSL_3_0_0_API
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include <zlib.h>
@@ -76,9 +76,10 @@
#ifndef O_BINARY
# define O_BINARY (0)
#endif // O_BINARY
#endif // !defined(O_BINARY)
using namespace std::chrono_literals;
using namespace std::string_literals;
namespace nghttp2 {
@@ -101,6 +102,7 @@ void print_session_id(int64_t id) { std::cout << "[id=" << id << "] "; }
Config::Config()
: mime_types_file("/etc/mime.types"),
groups("X25519:P-256:P-384:P-521"sv),
stream_read_timeout(1_min),
stream_write_timeout(1_min),
data_ptr(nullptr),
@@ -1822,7 +1824,7 @@ void run_worker(Worker *worker) {
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
wc_ecc_fp_free();
#endif // NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
}
} // namespace
@@ -1907,15 +1909,15 @@ public:
for (;;) {
#ifdef HAVE_ACCEPT4
auto fd = accept4(fd_, nullptr, nullptr, SOCK_NONBLOCK);
#else // !HAVE_ACCEPT4
#else // !defined(HAVE_ACCEPT4)
auto fd = accept(fd_, nullptr, nullptr);
#endif // !HAVE_ACCEPT4
#endif // !defined(HAVE_ACCEPT4)
if (fd == -1) {
break;
}
#ifndef HAVE_ACCEPT4
util::make_socket_nonblocking(fd);
#endif // !HAVE_ACCEPT4
#endif // !defined(HAVE_ACCEPT4)
acceptor_->accept_connection(fd);
}
}
@@ -2021,7 +2023,7 @@ int start_listen(HttpServer *sv, struct ev_loop *loop, Sessions *sessions,
.ai_flags = AI_PASSIVE
#ifdef AI_ADDRCONFIG
| AI_ADDRCONFIG
#endif // AI_ADDRCONFIG
#endif // defined(AI_ADDRCONFIG)
,
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
@@ -2058,7 +2060,7 @@ int start_listen(HttpServer *sv, struct ev_loop *loop, Sessions *sessions,
continue;
}
}
#endif // IPV6_V6ONLY
#endif // defined(IPV6_V6ONLY)
if (bind(fd, rp->ai_addr, rp->ai_addrlen) == 0 && listen(fd, 1000) == 0) {
if (!acceptor) {
acceptor = std::make_shared<AcceptHandler>(sv, sessions, config);
@@ -2128,7 +2130,7 @@ int HttpServer::run() {
if (config_->ktls) {
ssl_opts |= SSL_OP_ENABLE_KTLS;
}
#endif // SSL_OP_ENABLE_KTLS
#endif // defined(SSL_OP_ENABLE_KTLS)
SSL_CTX_set_options(ssl_ctx, ssl_opts);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
@@ -2153,19 +2155,17 @@ int HttpServer::run() {
std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
return -1;
}
#endif // NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
const unsigned char sid_ctx[] = "nghttpd";
SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx) - 1);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
#ifndef OPENSSL_NO_EC
if (SSL_CTX_set1_curves_list(ssl_ctx, "P-256") != 1) {
std::cerr << "SSL_CTX_set1_curves_list failed: "
if (SSL_CTX_set1_groups_list(ssl_ctx, config_->groups.data()) != 1) {
std::cerr << "SSL_CTX_set1_groups_list failed: "
<< ERR_error_string(ERR_get_error(), nullptr);
return -1;
}
#endif // OPENSSL_NO_EC
if (!config_->dh_param_file.empty()) {
// Read DH parameters from file
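Review bot: `SSL_CTX_set1_groups_list(ssl_ctx, config_->groups.data())` passes the data pointer of a `std::string_view` to an API that expects a NUL-terminated string. It is safe only because `groups` is initialised from the literal `"X25519:P-256:P-384:P-521"sv`; if the field is ever assigned a substring or a view into a non-terminated buffer, this reads past the view. Either make `Config::groups` a `std::string` and pass `c_str()`, or document on the field that it must always refer to a NUL-terminated string.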
@@ -2239,7 +2239,8 @@ int HttpServer::run() {
std::cerr << "SSL_CTX_add_cert_compression_alg failed." << std::endl;
return -1;
}
#endif // NGHTTP2_OPENSSL_IS_BORINGSSL && HAVE_LIBBROTLI
#endif // defined(NGHTTP2_OPENSSL_IS_BORINGSSL) &&
// defined(HAVE_LIBBROTLI)
if (tls::setup_keylog_callback(ssl_ctx) != 0) {
std::cerr << "Failed to setup keylog" << std::endl;

View File

@@ -36,15 +36,16 @@
#include <vector>
#include <unordered_map>
#include <memory>
#include <string_view>
#include "ssl_compat.h"
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/ssl.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/ssl.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include <ev.h>
@@ -70,6 +71,7 @@ struct Config {
std::string dh_param_file;
std::string address;
std::string mime_types_file;
std::string_view groups;
ev_tstamp stream_read_timeout;
ev_tstamp stream_write_timeout;
void *data_ptr;
@@ -258,4 +260,4 @@ nghttp2_ssize file_read_callback(nghttp2_session *session, int32_t stream_id,
} // namespace nghttp2
#endif // HTTP_SERVER_H
#endif // !defined(HTTP_SERVER_H)

View File

@@ -29,7 +29,7 @@
#ifndef _WIN32
# include <sys/uio.h>
#endif // !_WIN32
#endif // !defined(_WIN32)
#include <cassert>
#include <utility>
@@ -288,4 +288,4 @@ inline std::span<uint8_t> make_byte_ref(BlockAllocator &alloc, size_t size) {
} // namespace nghttp2
#endif // ALLOCATOR_H
#endif // !defined(ALLOCATOR_H)

View File

@@ -25,19 +25,19 @@
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif // HAVE_NETDB_H
#endif // defined(HAVE_NETDB_H)
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif // HAVE_FCNTL_H
#endif // defined(HAVE_FCNTL_H)
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif // HAVE_NETINET_IN_H
#endif // defined(HAVE_NETINET_IN_H)
#include <netinet/tcp.h>
#include <poll.h>

View File

@@ -31,7 +31,7 @@
#include <cstdlib>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif // HAVE_SYS_TIME_H
#endif // defined(HAVE_SYS_TIME_H)
#include <poll.h>
#include <chrono>
@@ -91,4 +91,4 @@ void set_output(FILE *file);
} // namespace nghttp2
#endif // APP_HELPER_H
#endif // !defined(APP_HELPER_H)

View File

@@ -197,4 +197,4 @@ std::span<const uint8_t> decode(BlockAllocator &balloc, R &&r) {
} // namespace nghttp2
#endif // BASE64_H
#endif // !defined(BASE64_H)

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#define MUNIT_ENABLE_ASSERT_ALIASES
@@ -42,4 +42,4 @@ munit_void_test_decl(test_base64_decode)
} // namespace nghttp2
#endif // BASE64_TEST_H
#endif // !defined(BASE64_TEST_H)

View File

@@ -76,4 +76,4 @@ template <size_t N> struct Buffer {
} // namespace nghttp2
#endif // BUFFER_H
#endif // !defined(BUFFER_H)

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#define MUNIT_ENABLE_ASSERT_ALIASES
@@ -41,4 +41,4 @@ munit_void_test_decl(test_buffer_write)
} // namespace nghttp2
#endif // BUFFER_TEST_H
#endif // !defined(BUFFER_TEST_H)

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#include <jansson.h>
@@ -35,7 +35,7 @@
#ifdef __cplusplus
extern "C" {
#endif
#endif /* defined(__cplusplus) */
json_t *dump_deflate_header_table(nghttp2_hd_deflater *deflater);
@@ -52,6 +52,6 @@ void output_json_footer(void);
#ifdef __cplusplus
}
#endif
#endif /* defined(__cplusplus) */
#endif /* NGHTTP2_COMP_HELPER_H */
#endif /* !defined(NGHTTP2_COMP_HELPER_H) */

View File

@@ -24,11 +24,11 @@
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#include <getopt.h>
#include <cstdio>

View File

@@ -28,12 +28,12 @@
#include <signal.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif // HAVE_NETINET_IN_H
#endif // defined(HAVE_NETINET_IN_H)
#include <netinet/tcp.h>
#include <sys/stat.h>
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif // HAVE_FCNTL_H
#endif // defined(HAVE_FCNTL_H)
#include <sys/mman.h>
#include <netinet/udp.h>
@@ -54,9 +54,9 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/err.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/err.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#ifdef ENABLE_HTTP3
# if defined(HAVE_LIBNGTCP2_CRYPTO_QUICTLS) || \
@@ -66,14 +66,14 @@
// defined(HAVE_LIBNGTCP2_CRYPTO_LIBRESSL)
# ifdef HAVE_LIBNGTCP2_CRYPTO_BORINGSSL
# include <ngtcp2/ngtcp2_crypto_boringssl.h>
# endif // HAVE_LIBNGTCP2_CRYPTO_BORINGSSL
# endif // defined(HAVE_LIBNGTCP2_CRYPTO_BORINGSSL)
# ifdef HAVE_LIBNGTCP2_CRYPTO_WOLFSSL
# include <ngtcp2/ngtcp2_crypto_wolfssl.h>
# endif // HAVE_LIBNGTCP2_CRYPTO_WOLFSSL
# endif // defined(HAVE_LIBNGTCP2_CRYPTO_WOLFSSL)
# ifdef HAVE_LIBNGTCP2_CRYPTO_OSSL
# include <ngtcp2/ngtcp2_crypto_ossl.h>
# endif // HAVE_LIBNGTCP2_CRYPTO_OSSL
#endif // ENABLE_HTTP3
# endif // defined(HAVE_LIBNGTCP2_CRYPTO_OSSL)
#endif // defined(ENABLE_HTTP3)
#include "urlparse.h"
@@ -82,7 +82,7 @@
#ifdef ENABLE_HTTP3
# include "h2load_http3_session.h"
# include "h2load_quic.h"
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
#include "tls.h"
#include "http2.h"
#include "util.h"
@@ -90,7 +90,7 @@
#ifndef O_BINARY
# define O_BINARY (0)
#endif // O_BINARY
#endif // !defined(O_BINARY)
using namespace nghttp2;
@@ -163,9 +163,9 @@ bool Config::is_quic() const {
#ifdef ENABLE_HTTP3
return !alpn_list.empty() &&
(alpn_list[0] == NGHTTP3_ALPN_H3 || alpn_list[0] == "\x5h3-29");
#else // !ENABLE_HTTP3
#else // !defined(ENABLE_HTTP3)
return false;
#endif // !ENABLE_HTTP3
#endif // !defined(ENABLE_HTTP3)
}
Config config;
@@ -462,7 +462,7 @@ Client::Client(uint32_t id, Worker *worker, size_t req_todo)
ssl(nullptr),
#ifdef ENABLE_HTTP3
quic{},
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
next_addr(config.addrs),
current_addr(nullptr),
reqidx(0),
@@ -509,14 +509,16 @@ Client::Client(uint32_t id, Worker *worker, size_t req_todo)
quic.pkt_timer.data = this;
# ifndef UDP_SEGMENT
quic.tx.no_gso = true;
# endif // UDP_SEGMENT
# endif // !defined(UDP_SEGMENT)
if (config.is_quic()) {
ev_set_priority(&rev, EV_MAXPRI);
quic.tx.data = std::make_unique<uint8_t[]>(QUIC_TX_DATALEN);
}
ngtcp2_ccerr_default(&quic.last_error);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
}
Client::~Client() {
@@ -532,7 +534,7 @@ Client::~Client() {
if (config.is_quic()) {
quic_free();
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
worker->sample_client_stat(&cstat);
++worker->client_smp.n;
@@ -557,7 +559,7 @@ int Client::make_socket(addrinfo *addr) {
std::cerr << "setsockopt UDP_GRO failed" << std::endl;
return -1;
}
# endif // UDP_GRO
# endif // defined(UDP_GRO)
rv = util::bind_any_addr_udp(fd, addr->ai_family);
if (rv != 0) {
@@ -578,7 +580,7 @@ int Client::make_socket(addrinfo *addr) {
std::cerr << "quic_init failed" << std::endl;
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
} else {
fd = util::create_nonblock_socket(addr->ai_family);
if (fd == -1) {
@@ -673,7 +675,7 @@ int Client::connect() {
readfn = &Client::read_quic;
writefn = &Client::write_quic;
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
} else {
writefn = &Client::connected;
}
@@ -739,11 +741,11 @@ void Client::disconnect() {
if (config.is_quic()) {
quic_close_connection();
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
#ifdef ENABLE_HTTP3
ev_timer_stop(worker->loop, &quic.pkt_timer);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
ev_timer_stop(worker->loop, &conn_inactivity_watcher);
ev_timer_stop(worker->loop, &conn_active_watcher);
ev_timer_stop(worker->loop, &rps_watcher);
@@ -904,7 +906,7 @@ void print_server_tmp_key(SSL *ssl) {
}
}
} // namespace
#endif // !NGHTTP2_OPENSSL_IS_BORINGSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_BORINGSSL)
void Client::report_tls_info() {
if (worker->id == 0 && !worker->tls_info_report_done) {
@@ -914,7 +916,7 @@ void Client::report_tls_info() {
<< "Cipher: " << SSL_CIPHER_get_name(cipher) << std::endl;
#ifndef NGHTTP2_OPENSSL_IS_BORINGSSL
print_server_tmp_key(ssl);
#endif // !NGHTTP2_OPENSSL_IS_BORINGSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_BORINGSSL)
}
}
@@ -930,7 +932,7 @@ void Client::terminate_session() {
if (config.is_quic()) {
quic.close_requested = true;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
if (session) {
session->terminate();
}
@@ -1135,7 +1137,7 @@ int Client::connection_made() {
if ("h3"sv != proto && "h3-29"sv != proto) {
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
} else if (util::check_h2_is_selected(proto)) {
session = std::make_unique<Http2Session>(this);
} else if (NGHTTP2_H1_1 == proto) {
@@ -1505,7 +1507,7 @@ std::span<const uint8_t> Client::write_udp(const sockaddr *addr,
auto n = static_cast<uint16_t>(gso_size);
memcpy(CMSG_DATA(cm), &n, sizeof(n));
}
# endif // UDP_SEGMENT
# endif // defined(UDP_SEGMENT)
auto nwrite = sendmsg(fd, &msg, 0);
if (nwrite < 0) {
@@ -1528,7 +1530,7 @@ std::span<const uint8_t> Client::write_udp(const sockaddr *addr,
return {};
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
void Client::record_request_time(RequestStat *req_stat) {
req_stat->request_time = std::chrono::steady_clock::now();
@@ -1878,7 +1880,7 @@ void resolve_host() {
config.addrs = res.release();
return;
};
}
int rv;
addrinfo *res;
@@ -2196,9 +2198,9 @@ Options:
<< util::utos_unit(config.max_frame_size) << R"(
-w, --window-bits=<N>
Sets the stream level initial window size to (2**<N>)-1.
For QUIC, <N> is capped to 26 (roughly 64MiB).
Default: )"
<< config.window_bits << R"(
For QUIC, <N> is capped to 26 (roughly 64MiB). It
defaults to 24 (16MiB) for QUIC, and 30 for other
protocols.
-W, --connection-window-bits=<N>
Sets the connection level initial window size to
(2**<N>)-1.
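Review bot: The `--window-bits` help text no longer prints `config.window_bits` and instead hard-codes both defaults ("24 (16MiB) for QUIC, and 30 for other protocols"), while the QUIC value is set separately by the literal `config.window_bits = 24;` in main(). The three numbers can now drift apart; a named constant for the QUIC default, used in both the assignment and the help string, and printing the non-QUIC default from config as before, would keep them in sync.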
@@ -2373,6 +2375,7 @@ int main(int argc, char **argv) {
std::string datafile;
std::string logfile;
bool nreqs_set_manually = false;
auto window_bits_set_manually = false;
while (1) {
static int flag = 0;
constexpr static option long_options[] = {
@@ -2449,14 +2452,14 @@ int main(int argc, char **argv) {
#ifdef NOTHREADS
std::cerr << "-t: WARNING: Threading disabled at build time, "
<< "no threads created." << std::endl;
#else
#else // !defined(NOTHREADS)
auto n = util::parse_uint(optarg);
if (!n) {
std::cerr << "-t: bad option value: " << optarg << std::endl;
exit(EXIT_FAILURE);
}
config.nthreads = static_cast<size_t>(*n);
#endif // NOTHREADS
#endif // !defined(NOTHREADS)
break;
}
case 'm': {
@@ -2478,6 +2481,7 @@ int main(int argc, char **argv) {
exit(EXIT_FAILURE);
}
if (c == 'w') {
window_bits_set_manually = true;
config.window_bits = static_cast<size_t>(*n);
} else {
config.connection_window_bits = static_cast<size_t>(*n);
@@ -2791,7 +2795,11 @@ int main(int argc, char **argv) {
// serialize the APLN tokens
for (auto &proto : config.alpn_list) {
proto.insert(proto.begin(), static_cast<char>(proto.size()));
proto.insert(std::ranges::begin(proto), static_cast<char>(proto.size()));
}
if (config.is_quic() && !window_bits_set_manually) {
config.window_bits = 24;
}
std::vector<std::string> reqlines;
@@ -2990,7 +2998,7 @@ int main(int argc, char **argv) {
if (config.ktls) {
ssl_opts |= SSL_OP_ENABLE_KTLS;
}
#endif // SSL_OP_ENABLE_KTLS
#endif // defined(SSL_OP_ENABLE_KTLS)
SSL_CTX_set_options(ssl_ctx, ssl_opts);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
@@ -3013,15 +3021,15 @@ int main(int argc, char **argv) {
<< std::endl;
exit(EXIT_FAILURE);
}
# endif // HAVE_LIBNGTCP2_CRYPTO_BORINGSSL
# endif // defined(HAVE_LIBNGTCP2_CRYPTO_BORINGSSL)
# ifdef HAVE_LIBNGTCP2_CRYPTO_WOLFSSL
if (ngtcp2_crypto_wolfssl_configure_client_context(ssl_ctx) != 0) {
std::cerr << "ngtcp2_crypto_wolfssl_configure_client_context failed"
<< std::endl;
exit(EXIT_FAILURE);
}
# endif // HAVE_LIBNGTCP2_CRYPTO_WOLFSSL
#endif // ENABLE_HTTP3
# endif // defined(HAVE_LIBNGTCP2_CRYPTO_WOLFSSL)
#endif // defined(ENABLE_HTTP3)
} else if (nghttp2::tls::ssl_ctx_set_proto_versions(
ssl_ctx, nghttp2::tls::NGHTTP2_TLS_MIN_VERSION,
nghttp2::tls::NGHTTP2_TLS_MAX_VERSION) != 0) {
@@ -3044,23 +3052,14 @@ int main(int argc, char **argv) {
<< std::endl;
exit(EXIT_FAILURE);
}
#endif // NGHTTP2_GENUINE_OPENSSL || NGHTTP2_OPENSSL_IS_LIBRESSL ||
// NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // defined(NGHTTP2_GENUINE_OPENSSL) ||
// defined(NGHTTP2_OPENSSL_IS_LIBRESSL) ||
// defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
// Passing X25519 to SSL_CTX_set1_groups_list fails for some reason.
if (SSL_CTX_set1_curves_list(
ssl_ctx, const_cast<char *>(config.groups.c_str())) != 1) {
std::cerr << "SSL_CTX_set1_curves_list failed: "
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
exit(EXIT_FAILURE);
}
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
if (SSL_CTX_set1_groups_list(ssl_ctx, config.groups.c_str()) != 1) {
std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl;
exit(EXIT_FAILURE);
}
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
std::vector<unsigned char> proto_list;
for (const auto &proto : config.alpn_list) {
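Review bot: The wolfSSL branch that called `SSL_CTX_set1_curves_list` is removed together with its comment "Passing X25519 to SSL_CTX_set1_groups_list fails for some reason", but nothing in the hunk records why `SSL_CTX_set1_groups_list` is now expected to work with wolfSSL. Please note the minimum wolfSSL version that makes this safe (in the commit message or a build-time check). The remaining error path also prints only "SSL_CTX_set1_groups_list failed" without `ERR_error_string(ERR_get_error(), nullptr)`, which the removed branch included.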
@@ -3083,7 +3082,8 @@ int main(int argc, char **argv) {
std::cerr << "SSL_CTX_add_cert_compression_alg failed" << std::endl;
exit(EXIT_FAILURE);
}
#endif // NGHTTP2_OPENSSL_IS_BORINGSSL && HAVE_LIBBROTLI
#endif // defined(NGHTTP2_OPENSSL_IS_BORINGSSL) &&
// defined(HAVE_LIBBROTLI)
std::string user_agent = "h2load nghttp2/" NGHTTP2_VERSION;
Headers shared_nva;
@@ -3250,7 +3250,7 @@ int main(int argc, char **argv) {
# ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
wc_ecc_fp_free();
# endif // NGHTTP2_OPENSSL_IS_WOLFSSL
# endif // defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
}));
}
@@ -3266,7 +3266,7 @@ int main(int argc, char **argv) {
fut.get();
}
#else // NOTHREADS
#else // defined(NOTHREADS)
auto rate = config.rate;
auto nclients = config.nclients;
auto nreqs =
@@ -3278,7 +3278,7 @@ int main(int argc, char **argv) {
auto start = std::chrono::steady_clock::now();
workers.back()->run();
#endif // NOTHREADS
#endif // defined(NOTHREADS)
auto end = std::chrono::steady_clock::now();
auto duration =
@@ -3368,7 +3368,7 @@ traffic: )" << util::utos_funit(as_unsigned(stats.bytes_total))
std::cout << "UDP datagram: " << stats.udp_dgram_sent << " sent, "
<< stats.udp_dgram_recv << " received" << std::endl;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
std::cout
<< R"( min max mean sd +/- sd
time for request: )"

View File

@@ -30,10 +30,10 @@
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif // HAVE_NETDB_H
#endif // defined(HAVE_NETDB_H)
#include <sys/un.h>
#include <vector>
@@ -50,7 +50,7 @@
#ifdef ENABLE_HTTP3
# include <ngtcp2/ngtcp2.h>
# include <ngtcp2/ngtcp2_crypto.h>
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
#include <ev.h>
@@ -63,9 +63,9 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/ssl.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/ssl.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include "http2.h"
#include "memchunk.h"
@@ -373,7 +373,7 @@ struct Client {
bool no_gso;
} tx;
} quic;
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
ev_timer request_timeout_watcher;
addrinfo *next_addr;
// Address for the current address. When try_new_connection() is
@@ -521,9 +521,9 @@ struct Client {
void quic_restart_pkt_timer();
void quic_write_qlog(const void *data, size_t datalen);
int quic_make_http3_session();
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
};
} // namespace h2load
#endif // H2LOAD_H
#endif // !defined(H2LOAD_H)

View File

@@ -57,4 +57,4 @@ private:
} // namespace h2load
#endif // H2LOAD_HTTP1_SESSION_H
#endif // !defined(H2LOAD_HTTP1_SESSION_H)

View File

@@ -33,9 +33,9 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/rand.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/rand.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include "h2load.h"
@@ -424,10 +424,11 @@ int Http3Session::init_conn() {
ssize_t Http3Session::read_stream(uint32_t flags, int64_t stream_id,
const uint8_t *data, size_t datalen) {
auto nconsumed = nghttp3_conn_read_stream(
conn_, stream_id, data, datalen, flags & NGTCP2_STREAM_DATA_FLAG_FIN);
auto nconsumed = nghttp3_conn_read_stream2(
conn_, stream_id, data, datalen, flags & NGTCP2_STREAM_DATA_FLAG_FIN,
ngtcp2_conn_get_timestamp(client_->quic.conn));
if (nconsumed < 0) {
std::cerr << "nghttp3_conn_read_stream: "
std::cerr << "nghttp3_conn_read_stream2: "
<< nghttp3_strerror(static_cast<int>(nconsumed)) << std::endl;
ngtcp2_ccerr_set_application_error(
&client_->quic.last_error,

View File

@@ -35,7 +35,7 @@
// defined(HAVE_LIBNGTCP2_CRYPTO_LIBRESSL)
#ifdef HAVE_LIBNGTCP2_CRYPTO_BORINGSSL
# include <ngtcp2/ngtcp2_crypto_boringssl.h>
#endif // HAVE_LIBNGTCP2_CRYPTO_BORINGSSL
#endif // defined(HAVE_LIBNGTCP2_CRYPTO_BORINGSSL)
#include "ssl_compat.h"
@@ -43,10 +43,10 @@
# include <wolfssl/options.h>
# include <wolfssl/openssl/err.h>
# include <wolfssl/openssl/rand.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/err.h>
# include <openssl/rand.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include "h2load_http3_session.h"
@@ -549,7 +549,9 @@ int Client::quic_pkt_timeout() {
return -1;
}
return write_quic();
signal_write();
return 0;
}
void Client::quic_restart_pkt_timer() {
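Review bot: In `Client::quic_pkt_timeout()`, replacing `return write_quic();` with `signal_write(); return 0;` means a write failure is no longer reported to the timer callback that called this function. Please confirm that the deferred write path handles a failing `write_quic()` the same way the timer callback did (for example by failing the client), and add a short comment here that the error is handled on the next event loop iteration.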

View File

@@ -37,4 +37,4 @@ inline constexpr size_t QUIC_TX_DATALEN = 64_k;
void quic_pkt_timeout_cb(struct ev_loop *loop, ev_timer *w, int revents);
} // namespace h2load
#endif // H2LOAD_QUIC_H
#endif // !defined(H2LOAD_QUIC_H)

View File

@@ -56,4 +56,4 @@ public:
} // namespace h2load
#endif // H2LOAD_SESSION_H
#endif // !defined(H2LOAD_SESSION_H)

View File

@@ -274,15 +274,16 @@ namespace {
void capitalize_long(DefaultMemchunks *buf, const std::string_view &s) {
buf->append(util::upcase(s[0]));
auto it = s.begin() + 1;
auto it = std::ranges::begin(s) + 1;
for (; it != s.end();) {
auto p = std::ranges::find(it, s.end(), '-');
p = std::ranges::find_if(p, s.end(), [](auto c) { return c != '-'; });
for (; it != std::ranges::end(s);) {
auto p = std::ranges::find(it, std::ranges::end(s), '-');
p = std::ranges::find_if(p, std::ranges::end(s),
[](auto c) { return c != '-'; });
buf->append(it, p);
if (p == s.end()) {
if (p == std::ranges::end(s)) {
return;
}

View File

@@ -433,4 +433,4 @@ std::string encode_extpri(const nghttp2_extpri &extpri);
} // namespace nghttp2
#endif // HTTP2_H
#endif // !defined(HTTP2_H)

View File

@@ -22,12 +22,12 @@
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef SHRPX_HTTP2_TEST_H
#define SHRPX_HTTP2_TEST_H
#ifndef HTTP2_TEST_H
#define HTTP2_TEST_H
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#define MUNIT_ENABLE_ASSERT_ALIASES
@@ -57,4 +57,4 @@ munit_void_test_decl(test_http2_capitalize)
} // namespace shrpx
#endif // SHRPX_HTTP2_TEST_H
#endif // !defined(HTTP2_TEST_H)

View File

@@ -77,4 +77,4 @@ void copy_headers_to_nva_nocopy(std::vector<nghttp3_nv> &nva,
} // namespace nghttp2
#endif // HTTP3_H
#endif // !defined(HTTP3_H)

View File

@@ -24,11 +24,11 @@
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#include <getopt.h>
#include <cstdio>

View File

@@ -34,9 +34,9 @@ struct iovec {
void *iov_base; /* Pointer to data. */
size_t iov_len; /* Length of data. */
};
#else // !_WIN32
#else // !defined(_WIN32)
# include <sys/uio.h>
#endif // !_WIN32
#endif // !defined(_WIN32)
#include <cassert>
#include <cstring>
@@ -569,4 +569,4 @@ using DefaultMemchunkBuffer = MemchunkBuffer<Memchunk16K>;
} // namespace nghttp2
#endif // MEMCHUNK_H
#endif // !defined(MEMCHUNK_H)

View File

@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#define MUNIT_ENABLE_ASSERT_ALIASES
@@ -48,4 +48,4 @@ munit_void_test_decl(test_memchunkbuffer_drain_reset)
} // namespace nghttp2
#endif // MEMCHUNK_TEST_H
#endif // !defined(MEMCHUNK_TEST_H)

View File

@@ -27,23 +27,23 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#ifdef _WIN32
# include <ws2tcpip.h>
#else // !_WIN32
#else // !defined(_WIN32)
# include <sys/un.h>
#endif // !_WIN32
#endif // !defined(_WIN32)
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif // HAVE_NETINET_IN_H
#endif // defined(HAVE_NETINET_IN_H)
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif // HAVE_ARPA_INET_H
#endif // defined(HAVE_ARPA_INET_H)
namespace nghttp2 {
@@ -54,7 +54,7 @@ union sockaddr_union {
sockaddr_in in;
#ifndef _WIN32
sockaddr_un un;
#endif // !_WIN32
#endif // !defined(_WIN32)
};
struct Address {
@@ -64,4 +64,4 @@ struct Address {
} // namespace nghttp2
#endif // NETWORK_H
#endif // !defined(NETWORK_H)

View File

@@ -27,13 +27,13 @@
#include <sys/stat.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif // HAVE_FCNTL_H
#endif // defined(HAVE_FCNTL_H)
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif // HAVE_NETINET_IN_H
#endif // defined(HAVE_NETINET_IN_H)
#include <netinet/tcp.h>
#include <getopt.h>
@@ -52,13 +52,13 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/err.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/err.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#ifdef HAVE_JANSSON
# include <jansson.h>
#endif // HAVE_JANSSON
#endif // defined(HAVE_JANSSON)
#include "app_helper.h"
#include "HtmlParser.h"
@@ -69,7 +69,7 @@
#ifndef O_BINARY
# define O_BINARY (0)
#endif // O_BINARY
#endif // !defined(O_BINARY)
namespace nghttp2 {
@@ -1566,7 +1566,7 @@ void HttpClient::output_har(FILE *outfile) {
json_dumpf(root, outfile, JSON_PRESERVE_ORDER | JSON_INDENT(2));
json_decref(root);
}
#endif // HAVE_JANSSON
#endif // defined(HAVE_JANSSON)
namespace {
void update_html_parser(HttpClient *client, Request *req, const uint8_t *data,
@@ -2176,7 +2176,7 @@ int communicate(
if (config.ktls) {
ssl_opts |= SSL_OP_ENABLE_KTLS;
}
#endif // SSL_OP_ENABLE_KTLS
#endif // defined(SSL_OP_ENABLE_KTLS)
SSL_CTX_set_options(ssl_ctx, ssl_opts);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
@@ -2211,7 +2211,7 @@ int communicate(
result = -1;
goto fin;
}
#endif // NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
if (!config.keyfile.empty()) {
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, config.keyfile.c_str(),
@@ -2245,7 +2245,8 @@ int communicate(
result = -1;
goto fin;
}
#endif // NGHTTP2_OPENSSL_IS_BORINGSSL && HAVE_LIBBROTLI
#endif // defined(NGHTTP2_OPENSSL_IS_BORINGSSL) &&
// defined(HAVE_LIBBROTLI)
if (tls::setup_keylog_callback(ssl_ctx) != 0) {
std::cerr << "[ERROR] Failed to setup keylog" << std::endl;
@@ -2304,7 +2305,7 @@ int communicate(
<< "har file could not be created." << std::endl;
}
}
#endif // HAVE_JANSSON
#endif // defined(HAVE_JANSSON)
if (client.success != client.reqvec.size()) {
std::cerr << "Some requests were not processed. total="
@@ -2765,10 +2766,10 @@ int main(int argc, char **argv) {
case 'r':
#ifdef HAVE_JANSSON
config.harfile = optarg;
#else // !HAVE_JANSSON
#else // !defined(HAVE_JANSSON)
std::cerr << "[WARNING]: -r, --har option is ignored because\n"
<< "the binary was not compiled with libjansson." << std::endl;
#endif // !HAVE_JANSSON
#endif // !defined(HAVE_JANSSON)
break;
case 'v':
++config.verbose;
@@ -2828,10 +2829,10 @@ int main(int argc, char **argv) {
case 'a':
#ifdef HAVE_LIBXML2
config.get_assets = true;
#else // !HAVE_LIBXML2
#else // !defined(HAVE_LIBXML2)
std::cerr << "[WARNING]: -a, --get-assets option is ignored because\n"
<< "the binary was not compiled with libxml2." << std::endl;
#endif // !HAVE_LIBXML2
#endif // !defined(HAVE_LIBXML2)
break;
case 's':
config.stat = true;

View File

@@ -30,10 +30,10 @@
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif // HAVE_NETDB_H
#endif // defined(HAVE_NETDB_H)
#include <string>
#include <vector>
@@ -46,9 +46,9 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/ssl.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/ssl.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include <ev.h>
@@ -261,7 +261,7 @@ struct HttpClient {
#ifdef HAVE_JANSSON
void output_har(FILE *outfile);
#endif // HAVE_JANSSON
#endif // defined(HAVE_JANSSON)
MemchunkPool mcpool;
DefaultMemchunks wb;
@@ -313,4 +313,4 @@ struct HttpClient {
} // namespace nghttp2
#endif // NGHTTP_H
#endif // !defined(NGHTTP_H)

View File

@@ -27,6 +27,6 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#endif // NGHTTP2_CONFIG_H
#endif // !defined(NGHTTP2_CONFIG_H)

View File

@@ -23,17 +23,18 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef NGHTTP2_GZIP_H
#define NGHTTP2_GZIP_H
# ifdef HAVE_CONFIG_H
# include <config.h>
# endif /* HAVE_CONFIG_H */
# include <zlib.h>
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* defined(HAVE_CONFIG_H) */
#include <zlib.h>
# include <nghttp2/nghttp2.h>
#include <nghttp2/nghttp2.h>
# ifdef __cplusplus
#ifdef __cplusplus
extern "C" {
# endif
#endif /* defined(__cplusplus) */
/**
* @struct
@@ -115,8 +116,8 @@ int nghttp2_gzip_inflate(nghttp2_gzip *inflater, uint8_t *out,
*/
int nghttp2_gzip_inflate_finished(nghttp2_gzip *inflater);
# ifdef __cplusplus
#ifdef __cplusplus
}
# endif
#endif /* defined(__cplusplus) */
#endif /* NGHTTP2_GZIP_H */
#endif /* !defined(NGHTTP2_GZIP_H) */

View File

@@ -27,11 +27,11 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#endif /* defined(HAVE_CONFIG_H) */
#ifdef __cplusplus
extern "C" {
#endif
#endif /* defined(__cplusplus) */
#define MUNIT_ENABLE_ASSERT_ALIASES
@@ -43,6 +43,6 @@ munit_void_test_decl(test_nghttp2_gzip_inflate)
#ifdef __cplusplus
}
#endif
#endif /* defined(__cplusplus) */
#endif /* NGHTTP2_GZIP_TEST_H */
#endif /* !defined(NGHTTP2_GZIP_TEST_H) */

View File

@@ -24,13 +24,9 @@
*/
#include "nghttp2_config.h"
#ifdef __sgi
# define daemon _daemonize
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#include <signal.h>
#include <getopt.h>
@@ -176,6 +172,10 @@ Options:
<< config.mime_types_file << R"(
--no-content-length
Don't send content-length header field.
--groups=<GROUPS>
Specify the supported groups.
Default: )"
<< config.groups << R"(
--ktls Enable ktls.
--version Display version information and exit.
-h, --help Display this help and exit.
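Review bot: The new `--groups=<GROUPS>` help entry only says "Specify the supported groups." and gives neither the list syntax nor what the groups apply to. Suggest stating that it is a colon separated list of TLS key exchange group names in preference order, so the printed default is understandable without reading the source.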
@@ -223,6 +223,7 @@ int main(int argc, char **argv) {
{"encoder-header-table-size", required_argument, &flag, 11},
{"ktls", no_argument, &flag, 12},
{"no-rfc7540-pri", no_argument, &flag, 13},
{"groups", required_argument, &flag, 14},
{nullptr, 0, nullptr, 0}};
int option_index = 0;
int c = getopt_long(argc, argv, "DVb:c:d:ehm:n:p:va:w:W:", long_options,
@@ -269,14 +270,14 @@ int main(int argc, char **argv) {
#ifdef NOTHREADS
std::cerr << "-n: WARNING: Threading disabled at build time, "
<< "no threads created." << std::endl;
#else
#else // !defined(NOTHREADS)
auto n = util::parse_uint(optarg);
if (!n) {
std::cerr << "-n: Bad option value: " << optarg << std::endl;
exit(EXIT_FAILURE);
}
config.num_worker = static_cast<size_t>(*n);
#endif // NOTHREADS
#endif // !defined(NOTHREADS)
break;
}
case 'h':
@@ -414,6 +415,10 @@ int main(int argc, char **argv) {
std::cerr << "[WARNING]: --no-rfc7540-pri option has been deprecated."
<< std::endl;
break;
case 14:
// groups option
config.groups = optarg;
break;
}
break;
default:
@@ -447,11 +452,7 @@ int main(int argc, char **argv) {
std::cerr << "-d option must be specified when -D is used." << std::endl;
exit(EXIT_FAILURE);
}
#ifdef __sgi
if (daemon(0, 0, 0, 0) == -1) {
#else
if (util::daemonize(0, 0) == -1) {
#endif
perror("daemon");
exit(EXIT_FAILURE);
}

View File

@@ -24,7 +24,7 @@
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#include "munit.h"
@@ -47,7 +47,7 @@
#include "shrpx_log.h"
#ifdef ENABLE_HTTP3
# include "siphash_test.h"
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
int main(int argc, char *argv[]) {
shrpx::create_config();
@@ -68,7 +68,7 @@ int main(int argc, char *argv[]) {
base64_suite,
#ifdef ENABLE_HTTP3
siphash_suite,
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
{},
};
const MunitSuite suite = {

View File

@@ -29,38 +29,38 @@
#include <sys/stat.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#include <sys/un.h>
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif // HAVE_NETDB_H
#endif // defined(HAVE_NETDB_H)
#include <signal.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif // HAVE_NETINET_IN_H
#endif // defined(HAVE_NETINET_IN_H)
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif // HAVE_ARPA_INET_H
#endif // defined(HAVE_ARPA_INET_H)
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#include <getopt.h>
#ifdef HAVE_SYSLOG_H
# include <syslog.h>
#endif // HAVE_SYSLOG_H
#endif // defined(HAVE_SYSLOG_H)
#ifdef HAVE_LIMITS_H
# include <limits.h>
#endif // HAVE_LIMITS_H
#endif // defined(HAVE_LIMITS_H)
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif // HAVE_SYS_TIME_H
#endif // defined(HAVE_SYS_TIME_H)
#include <sys/resource.h>
#ifdef HAVE_LIBSYSTEMD
# include <systemd/sd-daemon.h>
#endif // HAVE_LIBSYSTEMD
#endif // defined(HAVE_LIBSYSTEMD)
#ifdef HAVE_LIBBPF
# include <bpf/libbpf.h>
#endif // HAVE_LIBBPF
#endif // defined(HAVE_LIBBPF)
#include <cinttypes>
#include <limits>
@@ -79,11 +79,11 @@
# include <wolfssl/openssl/ssl.h>
# include <wolfssl/openssl/err.h>
# include <wolfssl/openssl/rand.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/ssl.h>
# include <openssl/err.h>
# include <openssl/rand.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include <ev.h>
#include <nghttp2/nghttp2.h>
@@ -98,8 +98,8 @@
// defined(HAVE_LIBNGTCP2_CRYPTO_LIBRESSL)
# ifdef HAVE_LIBNGTCP2_CRYPTO_OSSL
# include <ngtcp2/ngtcp2_crypto_ossl.h>
# endif // HAVE_LIBNGTCP2_CRYPTO_OSSL
#endif // ENABLE_HTTP3
# endif // defined(HAVE_LIBNGTCP2_CRYPTO_OSSL)
#endif // defined(ENABLE_HTTP3)
#include "shrpx_config.h"
#include "shrpx_tls.h"
@@ -189,7 +189,7 @@ struct WorkerProcess {
#ifdef ENABLE_HTTP3
,
int quic_ipc_fd, std::vector<WorkerID> worker_ids, uint16_t seq
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
)
: loop(loop),
worker_pid(worker_pid),
@@ -199,7 +199,7 @@ struct WorkerProcess {
quic_ipc_fd(quic_ipc_fd),
worker_ids(std::move(worker_ids)),
seq(seq)
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
{
ev_child_init(&worker_process_childev, worker_process_child_cb, worker_pid,
0);
@@ -214,7 +214,7 @@ struct WorkerProcess {
if (quic_ipc_fd != -1) {
close(quic_ipc_fd);
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
if (ipc_fd != -1) {
shutdown(ipc_fd, SHUT_WR);
@@ -231,7 +231,7 @@ struct WorkerProcess {
int quic_ipc_fd;
std::vector<WorkerID> worker_ids;
uint16_t seq;
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
};
namespace {
@@ -243,7 +243,7 @@ std::deque<std::unique_ptr<WorkerProcess>> worker_processes;
#ifdef ENABLE_HTTP3
uint16_t worker_process_seq;
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
} // namespace
namespace {
@@ -439,7 +439,7 @@ void shrpx_sd_notifyf(int unset_environment, const char *format, ...) {
va_start(args, format);
sd_notifyf(unset_environment, format, va_arg(args, char *));
va_end(args);
#endif // HAVE_LIBSYSTEMD
#endif // defined(HAVE_LIBSYSTEMD)
}
} // namespace
@@ -566,7 +566,7 @@ void exec_binary() {
quic_lwps.emplace_back(s);
envp[envidx++] = const_cast<char *>(quic_lwps.back().c_str());
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
for (size_t i = 0; i < envlen; ++i) {
auto env = std::string_view{environ[i]};
@@ -719,7 +719,7 @@ int create_unix_domain_server_socket(
<< xsi_strerror(error, errbuf.data(), errbuf.size());
return -1;
}
#else // !SOCK_NONBLOCK
#else // !defined(SOCK_NONBLOCK)
auto fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) {
auto error = errno;
@@ -728,7 +728,7 @@ int create_unix_domain_server_socket(
return -1;
}
util::make_socket_nonblocking(fd);
#endif // !SOCK_NONBLOCK
#endif // !defined(SOCK_NONBLOCK)
int val = 1;
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val,
static_cast<socklen_t>(sizeof(val))) == -1) {
@@ -985,7 +985,7 @@ get_inherited_quic_lingering_worker_process_from_env() {
return lwps;
}
} // namespace
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
namespace {
int create_unix_domain_listener_socket(
@@ -1020,18 +1020,14 @@ int create_unix_domain_listener_socket(
namespace {
int call_daemon() {
#ifdef __sgi
return _daemonize(0, 0, 0, 0);
#else // !__sgi
# ifdef HAVE_LIBSYSTEMD
#ifdef HAVE_LIBSYSTEMD
if (sd_booted() && (getenv("NOTIFY_SOCKET") != nullptr)) {
LOG(NOTICE) << "Daemonising disabled under systemd";
chdir("/");
return 0;
}
# endif // HAVE_LIBSYSTEMD
#endif // defined(HAVE_LIBSYSTEMD)
return util::daemonize(0, 0);
#endif // !__sgi
}
} // namespace
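Review bot: In the `HAVE_LIBSYSTEMD` branch of `call_daemon()`, the result of `chdir("/")` is discarded and the function returns 0 regardless. While the block is being re-indented, check the return value and log or return the failure, so that a process that could not change directory does not report a successful daemonise step. It is also worth a comment that the `__sgi` path is dropped deliberately.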
@@ -1155,7 +1151,7 @@ collect_quic_lingering_worker_processes() {
return quic_lwps;
}
} // namespace
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
namespace {
ev_signal reopen_log_signalev;
@@ -1291,14 +1287,14 @@ pid_t fork_worker_process(int &main_ipc_fd
#ifdef ENABLE_HTTP3
,
int &wp_quic_ipc_fd
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
,
const std::vector<InheritedUNIXDomainAddr> &iaddrs
#ifdef ENABLE_HTTP3
,
std::vector<WorkerID> worker_ids,
std::vector<QUICLingeringWorkerProcess> quic_lwps
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
) {
std::array<char, STRERROR_BUFSIZE> errbuf;
int rv;
@@ -1318,7 +1314,7 @@ pid_t fork_worker_process(int &main_ipc_fd
if (rv != 0) {
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
rv = shrpx_signal_block_all(&oldset);
if (rv != 0) {
@@ -1364,7 +1360,7 @@ pid_t fork_worker_process(int &main_ipc_fd
// Do not close quic_ipc_fd.
wp->quic_ipc_fd = -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
if (!config->single_process) {
close(worker_process_ready_ipc_fd[0]);
@@ -1398,7 +1394,7 @@ pid_t fork_worker_process(int &main_ipc_fd
close(ipc_fd[1]);
#ifdef ENABLE_HTTP3
close(quic_ipc_fd[1]);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
}
WorkerProcessConfig wpconf{
@@ -1408,7 +1404,7 @@ pid_t fork_worker_process(int &main_ipc_fd
.worker_ids = std::move(worker_ids),
.quic_ipc_fd = quic_ipc_fd[0],
.quic_lingering_worker_processes = std::move(quic_lwps),
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
};
rv = worker_process_event_loop(&wpconf);
if (rv != 0) {
@@ -1453,7 +1449,7 @@ pid_t fork_worker_process(int &main_ipc_fd
#ifdef ENABLE_HTTP3
close(quic_ipc_fd[0]);
close(quic_ipc_fd[1]);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return -1;
}
@@ -1461,7 +1457,7 @@ pid_t fork_worker_process(int &main_ipc_fd
close(ipc_fd[0]);
#ifdef ENABLE_HTTP3
close(quic_ipc_fd[0]);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
main_ipc_fd = ipc_fd[1];
#ifdef ENABLE_HTTP3
@@ -1666,7 +1662,7 @@ void fill_default_config(Config *config) {
tlsconf.max_proto_version =
tls::proto_version_from_string(DEFAULT_TLS_MAX_PROTO_VERSION);
tlsconf.max_early_data = 16_k;
tlsconf.ecdh_curves = "X25519:P-256:P-384:P-521"sv;
tlsconf.groups = "X25519:P-256:P-384:P-521"sv;
auto &httpconf = config->http;
httpconf.server_name = "nghttpx"sv;
@@ -2405,39 +2401,39 @@ SSL/TLS:
--ciphers=<SUITE>
Set allowed cipher list for frontend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.2 or earlier.
Use --tls13-ciphers for TLSv1.3.
This option sets cipher suites for TLSv1.2. Use
--tls13-ciphers for TLSv1.3.
Default: )"
<< config->tls.ciphers << R"(
--tls13-ciphers=<SUITE>
Set allowed cipher list for frontend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.3. Use
--ciphers for TLSv1.2 or earlier.
--ciphers for TLSv1.2.
Default: )"
<< config->tls.tls13_ciphers << R"(
--client-ciphers=<SUITE>
Set allowed cipher list for backend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.2 or earlier.
Use --tls13-client-ciphers for TLSv1.3.
This option sets cipher suites for TLSv1.2. Use
--tls13-client-ciphers for TLSv1.3.
Default: )"
<< config->tls.client.ciphers << R"(
--tls13-client-ciphers=<SUITE>
Set allowed cipher list for backend connection. The
format of the string is described in OpenSSL ciphers(1).
This option sets cipher suites for TLSv1.3. Use
--tls13-client-ciphers for TLSv1.2 or earlier.
--client-ciphers for TLSv1.2.
Default: )"
<< config->tls.client.tls13_ciphers << R"(
--ecdh-curves=<LIST>
Set supported curve list for frontend connections.
<LIST> is a colon separated list of curve NID or names
--groups=<LIST>
Set the supported group list for frontend connections.
<LIST> is a colon separated list of group NID or names
in the preference order. The supported curves depend on
the linked OpenSSL library. This function requires
OpenSSL >= 1.0.2.
Default: )"
<< config->tls.ecdh_curves << R"(
<< config->tls.groups << R"(
-k, --insecure
Don't verify backend server's certificate if TLS is
enabled for backend connections.
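Review bot: The renamed `--groups=<LIST>` entry still says "The supported curves depend on the linked OpenSSL library" and "This function requires OpenSSL >= 1.0.2", which reads as left over from `--ecdh-curves`. Reword it to speak of groups throughout and drop or update the version remark. The help also no longer mentions `--ecdh-curves` at all; if the old name is still accepted, a short "deprecated, use --groups" line would keep existing configurations understandable.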
@@ -2456,12 +2452,12 @@ SSL/TLS:
Specify additional certificate and private key file.
nghttpx will choose certificates based on the hostname
indicated by client using TLS SNI extension. If nghttpx
is built with OpenSSL >= 1.0.2, the shared elliptic
curves (e.g., P-256) between client and server are also
taken into consideration. This allows nghttpx to send
ECDSA certificate to modern clients, while sending RSA
based certificate to older clients. This option can be
used multiple times.
is built with OpenSSL >= 1.0.2, the signature algorithms
(e.g., ECDSA+SHA256) presented by client are also taken
into consideration. This allows nghttpx to send ML-DSA
or ECDSA certificate to modern clients, while sending
RSA based certificate to older clients. This option can
be used multiple times.
Additional parameter can be specified in <PARAM>. The
available <PARAM> is "sct-dir=<DIR>".
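Review bot: The subcert text keeps the condition "If nghttpx is built with OpenSSL >= 1.0.2" but now promises ML-DSA certificate selection based on client signature algorithms. A 1.0.2 build cannot serve ML-DSA certificates, so the condition is misleading as written. Either remove the version clause or state separately what the linked TLS library must support for ML-DSA.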
@@ -2507,16 +2503,12 @@ SSL/TLS:
--tls-min-proto-version and --tls-max-proto-version are
enabled. If the protocol list advertised by client does
not overlap this range, you will receive the error
message "unknown protocol". If a protocol version lower
than TLSv1.2 is specified, make sure that the compatible
ciphers are included in --ciphers option. The default
cipher list only includes ciphers compatible with
TLSv1.2 or above. The available versions are:
message "unknown protocol". The available versions are:
)"
#ifdef TLS1_3_VERSION
"TLSv1.3, "
"TLSv1.3 and "
#endif // TLS1_3_VERSION
"TLSv1.2, TLSv1.1, and TLSv1.0"
"TLSv1.2"
R"(
Default: )"
<< DEFAULT_TLS_MIN_PROTO_VERSION
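Review bot: The `#endif // TLS1_3_VERSION` after `"TLSv1.3 and "` keeps the old comment form while the rest of this patch converts to `defined(...)`; the matching block in the next hunk has the same leftover. Separately, the help now lists only TLSv1.3 and TLSv1.2 and drops the advice about ciphers for older versions. Please confirm in the description that the option parser rejects `TLSv1.1` and `TLSv1.0` with a clear error, so that an existing configuration naming them fails loudly instead of being accepted silently.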
@@ -2530,9 +2522,9 @@ SSL/TLS:
message "unknown protocol". The available versions are:
)"
#ifdef TLS1_3_VERSION
"TLSv1.3, "
"TLSv1.3 and "
#endif // TLS1_3_VERSION
"TLSv1.2, TLSv1.1, and TLSv1.0"
"TLSv1.2"
R"(
Default: )"
<< DEFAULT_TLS_MAX_PROTO_VERSION << R"(
@@ -3978,6 +3970,7 @@ int main(int argc, char **argv) {
195},
{SHRPX_OPT_FRONTEND_HTTP3_IDLE_TIMEOUT.data(), required_argument, &flag,
196},
{SHRPX_OPT_GROUPS.data(), required_argument, &flag, 197},
{nullptr, 0, nullptr, 0}};
int option_index = 0;
@@ -4903,6 +4896,10 @@ int main(int argc, char **argv) {
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_HTTP3_IDLE_TIMEOUT,
std::string_view{optarg});
break;
case 197:
// --groups
cmdcfgs.emplace_back(SHRPX_OPT_GROUPS, std::string_view{optarg});
break;
default:
break;
}

View File

@@ -27,12 +27,12 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#include <cassert>
@@ -40,9 +40,9 @@
#ifndef HAVE__EXIT
# define nghttp2_Exit(status) _exit(status)
#else // HAVE__EXIT
#else // defined(HAVE__EXIT)
# define nghttp2_Exit(status) _Exit(status)
#endif // HAVE__EXIT
#endif // defined(HAVE__EXIT)
#define DIE() nghttp2_Exit(EXIT_FAILURE)
@@ -55,10 +55,10 @@ inline int initgroups(const char *user, gid_t group) { return 0; }
enum bpf_stats_type {
BPF_STATS_RUN_TIME = 0,
};
#endif // !HAVE_BPF_STATS_TYPE
#endif // !defined(HAVE_BPF_STATS_TYPE)
#ifdef NOTHREADS
# define thread_local
#endif // defined(NOTHREADS)
#endif // SHRPX_H
#endif // !defined(SHRPX_H)

View File

@@ -26,7 +26,7 @@
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#include <cerrno>
@@ -66,9 +66,9 @@ void AcceptHandler::accept_connection() {
#ifdef HAVE_ACCEPT4
auto cfd =
accept4(faddr_->fd, &sockaddr.sa, &addrlen, SOCK_NONBLOCK | SOCK_CLOEXEC);
#else // !HAVE_ACCEPT4
#else // !defined(HAVE_ACCEPT4)
auto cfd = accept(faddr_->fd, &sockaddr.sa, &addrlen);
#endif // !HAVE_ACCEPT4
#endif // !defined(HAVE_ACCEPT4)
if (cfd == -1) {
switch (errno) {
@@ -79,7 +79,7 @@ void AcceptHandler::accept_connection() {
case EHOSTDOWN:
#ifdef ENONET
case ENONET:
#endif // ENONET
#endif // defined(ENONET)
case EHOSTUNREACH:
case EOPNOTSUPP:
case ENETUNREACH:
@@ -98,7 +98,7 @@ void AcceptHandler::accept_connection() {
#ifndef HAVE_ACCEPT4
util::make_socket_nonblocking(cfd);
util::make_socket_closeonexec(cfd);
#endif // !HAVE_ACCEPT4
#endif // !defined(HAVE_ACCEPT4)
worker_->handle_connection(cfd, &sockaddr.sa, addrlen, faddr_);
}

View File

@@ -51,4 +51,4 @@ private:
} // namespace shrpx
#endif // SHRPX_ACCEPT_HANDLER_H
#endif // !defined(SHRPX_ACCEPT_HANDLER_H)

View File

@@ -235,9 +235,9 @@ int APIDownstreamConnection::push_request_headers() {
char tempname[] = "/tmp/nghttpx-api.XXXXXX";
#ifdef HAVE_MKOSTEMP
fd_ = mkostemp(tempname, O_CLOEXEC);
#else // !HAVE_MKOSTEMP
#else // !defined(HAVE_MKOSTEMP)
fd_ = mkstemp(tempname);
#endif // !HAVE_MKOSTEMP
#endif // !defined(HAVE_MKOSTEMP)
if (fd_ == -1) {
send_reply(500, APIStatusCode::FAILURE);
@@ -245,7 +245,7 @@ int APIDownstreamConnection::push_request_headers() {
}
#ifndef HAVE_MKOSTEMP
util::make_socket_closeonexec(fd_);
#endif // HAVE_MKOSTEMP
#endif // !defined(HAVE_MKOSTEMP)
unlink(tempname);
break;
}
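Review bot: In the `mkstemp` fallback, close-on-exec is applied in a second step by `util::make_socket_closeonexec(fd_)`, so there is a window in which the temporary file descriptor can be inherited by a process created in between. The comment fix on the `#endif` is correct; consider also adding a short note at the fallback saying the non-atomic path is a known limitation on platforms without `mkostemp`.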

View File

@@ -112,4 +112,4 @@ private:
} // namespace shrpx
#endif // SHRPX_API_DOWNSTREAM_CONNECTION_H
#endif // !defined(SHRPX_API_DOWNSTREAM_CONNECTION_H)

View File

@@ -26,13 +26,13 @@
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif // HAVE_NETDB_H
#endif // defined(HAVE_NETDB_H)
#include <cerrno>
#include <algorithm>
@@ -54,7 +54,7 @@
#include "shrpx_null_downstream_connection.h"
#ifdef ENABLE_HTTP3
# include "shrpx_http3_upstream.h"
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
#include "shrpx_log.h"
#include "util.h"
#include "template.h"
@@ -345,7 +345,7 @@ int ClientHandler::read_quic(const UpstreamAddr *faddr,
}
int ClientHandler::write_quic() { return upstream_->on_write(); }
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
int ClientHandler::upstream_noop() { return 0; }
@@ -569,7 +569,7 @@ void ClientHandler::setup_http3_upstream(
reset_upstream_read_timeout(config->conn.upstream.timeout.http3_idle);
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
ClientHandler::~ClientHandler() {
if (LOG_ENABLED(INFO)) {

View File

@@ -36,9 +36,9 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/ssl.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/ssl.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include "shrpx_rate_limit.h"
#include "shrpx_connection.h"
@@ -63,7 +63,7 @@ struct SharedDownstreamAddr;
struct DownstreamAddr;
#ifdef ENABLE_HTTP3
class Http3Upstream;
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
class ClientHandler {
public:
@@ -163,7 +163,7 @@ public:
const Address &local_addr, const ngtcp2_pkt_info &pi,
std::span<const uint8_t> data);
int write_quic();
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
// Returns string suitable for use in "by" parameter of Forwarded
// header field.
@@ -248,4 +248,4 @@ private:
} // namespace shrpx
#endif // SHRPX_CLIENT_HANDLER_H
#endif // !defined(SHRPX_CLIENT_HANDLER_H)

View File

@@ -26,21 +26,21 @@
#ifdef HAVE_PWD_H
# include <pwd.h>
#endif // HAVE_PWD_H
#endif // defined(HAVE_PWD_H)
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif // HAVE_NETDB_H
#endif // defined(HAVE_NETDB_H)
#ifdef HAVE_SYSLOG_H
# include <syslog.h>
#endif // HAVE_SYSLOG_H
#endif // defined(HAVE_SYSLOG_H)
#include <sys/types.h>
#include <sys/stat.h>
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif // HAVE_FCNTL_H
#endif // defined(HAVE_FCNTL_H)
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#include <dirent.h>
#include <cstring>
@@ -51,9 +51,9 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/openssl/evp.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/evp.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include <nghttp2/nghttp2.h>
@@ -64,7 +64,7 @@
#include "shrpx_http.h"
#ifdef HAVE_MRUBY
# include "shrpx_mruby.h"
#endif // HAVE_MRUBY
#endif // defined(HAVE_MRUBY)
#include "util.h"
#include "base64.h"
#include "ssl_compat.h"
@@ -72,7 +72,7 @@
#ifndef AI_NUMERICSERV
# define AI_NUMERICSERV 0
#endif
#endif // !defined(AI_NUMERICSERV)
namespace shrpx {
@@ -317,7 +317,7 @@ read_quic_secret_file(const std::string_view &path) {
return qkms;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
FILE *open_file_for_write(const char *filename) {
std::array<char, STRERROR_BUFSIZE> errbuf;
@@ -325,14 +325,14 @@ FILE *open_file_for_write(const char *filename) {
#ifdef O_CLOEXEC
auto fd =
open(filename, O_WRONLY | O_CLOEXEC | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
#else
#else // !defined(O_CLOEXEC)
auto fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
// We get race condition if execve is called at the same time.
if (fd != -1) {
util::make_socket_closeonexec(fd);
}
#endif
#endif // !defined(O_CLOEXEC)
if (fd == -1) {
auto error = errno;
LOG(ERROR) << "Failed to open " << filename << " for writing. Cause: "
@@ -947,10 +947,10 @@ int parse_upstream_params(UpstreamParams &out,
} else if (util::strieq("quic"sv, param)) {
#ifdef ENABLE_HTTP3
out.quic = true;
#else // !ENABLE_HTTP3
#else // !defined(ENABLE_HTTP3)
LOG(ERROR) << "quic: QUIC is disabled at compile time";
return -1;
#endif // !ENABLE_HTTP3
#endif // !defined(ENABLE_HTTP3)
} else if (!param.empty()) {
LOG(ERROR) << "frontend: " << param << ": unknown keyword";
return -1;
@@ -1494,10 +1494,12 @@ int parse_subcert_params(SubcertParams &out,
return -1;
}
out.sct_dir = sct_dir;
#else // !NGHTTP2_GENUINE_OPENSSL && !NGHTTP2_OPENSSL_IS_BORINGSSL
#else // !defined(NGHTTP2_GENUINE_OPENSSL) &&
// !defined(NGHTTP2_OPENSSL_IS_BORINGSSL)
LOG(WARN) << "subcert: sct-dir is ignored because underlying TLS library "
"does not support SCT";
#endif // !NGHTTP2_GENUINE_OPENSSL && !NGHTTP2_OPENSSL_IS_BORINGSSL
#endif // !defined(NGHTTP2_GENUINE_OPENSSL) &&
// !defined(NGHTTP2_OPENSSL_IS_BORINGSSL)
} else if (!param.empty()) {
LOG(ERROR) << "subcert: " << param << ": unknown keyword";
return -1;
@@ -1695,7 +1697,7 @@ int parse_psk_secrets(Config *config, const std::string_view &path) {
return 0;
}
} // namespace
#endif // !OPENSSL_NO_PSK
#endif // !defined(OPENSSL_NO_PSK)
#ifndef OPENSSL_NO_PSK
namespace {
@@ -1757,7 +1759,7 @@ int parse_client_psk_secrets(Config *config, const std::string_view &path) {
return 0;
}
} // namespace
#endif // !OPENSSL_NO_PSK
#endif // !defined(OPENSSL_NO_PSK)
// generated by gennghttpxfun.py
int option_lookup_token(const std::string_view &name) {
@@ -1793,6 +1795,11 @@ int option_lookup_token(const std::string_view &name) {
return SHRPX_OPTID_DAEMON;
}
break;
case 's':
if (util::strieq("group"sv, name.substr(0, 5))) {
return SHRPX_OPTID_GROUPS;
}
break;
case 't':
if (util::strieq("cacer"sv, name.substr(0, 5))) {
return SHRPX_OPTID_CACERT;
@@ -2933,9 +2940,9 @@ int parse_config(
#ifdef ENABLE_HTTP3
auto &addrs = params.quic ? config->conn.quic_listener.addrs
: config->conn.listener.addrs;
#else // !ENABLE_HTTP3
#else // !defined(ENABLE_HTTP3)
auto &addrs = config->conn.listener.addrs;
#endif // !ENABLE_HTTP3
#endif // !defined(ENABLE_HTTP3)
if (util::istarts_with(optarg, SHRPX_UNIX_PATH_PREFIX)) {
if (addr.quic) {
@@ -2992,7 +2999,7 @@ int parse_config(
#ifdef NOTHREADS
LOG(WARN) << "Threading disabled at build time, no threads created.";
return 0;
#else // !NOTHREADS
#else // !defined(NOTHREADS)
size_t n;
if (parse_uint(&n, opt, optarg) != 0) {
@@ -3008,7 +3015,7 @@ int parse_config(
config->num_worker = n;
return 0;
#endif // !NOTHREADS
#endif // !defined(NOTHREADS)
}
case SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS: {
LOG(WARN) << opt << ": deprecated. Use "
@@ -3684,10 +3691,10 @@ int parse_config(
case SHRPX_OPTID_MRUBY_FILE:
#ifdef HAVE_MRUBY
config->mruby_file = make_string_ref(config->balloc, optarg);
#else // !HAVE_MRUBY
#else // !defined(HAVE_MRUBY)
LOG(WARN) << opt
<< ": ignored because mruby support is disabled at build time.";
#endif // !HAVE_MRUBY
#endif // !defined(HAVE_MRUBY)
return 0;
case SHRPX_OPTID_ACCEPT_PROXY_PROTOCOL:
LOG(WARN) << opt << ": deprecated. Use proxyproto keyword in "
@@ -3906,16 +3913,22 @@ int parse_config(
return parse_uint_with_unit(
&config->http2.downstream.decoder_dynamic_table_size, opt, optarg);
case SHRPX_OPTID_ECDH_CURVES:
config->tls.ecdh_curves = make_string_ref(config->balloc, optarg);
LOG(WARN) << opt << ": deprecated. Use " << SHRPX_OPT_GROUPS
<< " instead.";
// fall through
case SHRPX_OPTID_GROUPS:
config->tls.groups = make_string_ref(config->balloc, optarg);
return 0;
case SHRPX_OPTID_TLS_SCT_DIR:
#if defined(NGHTTP2_GENUINE_OPENSSL) || defined(NGHTTP2_OPENSSL_IS_BORINGSSL)
return read_tls_sct_from_dir(config->tls.sct_data, opt, optarg);
#else // !NGHTTP2_GENUINE_OPENSSL && !NGHTTP2_OPENSSL_IS_BORINGSSL
#else // !defined(NGHTTP2_GENUINE_OPENSSL) &&
// !defined(NGHTTP2_OPENSSL_IS_BORINGSSL)
LOG(WARN)
<< opt << ": ignored because underlying TLS library does not support SCT";
return 0;
#endif // !NGHTTP2_GENUINE_OPENSSL && !NGHTTP2_OPENSSL_IS_BORINGSSL
#endif // !defined(NGHTTP2_GENUINE_OPENSSL) &&
// !defined(NGHTTP2_OPENSSL_IS_BORINGSSL)
case SHRPX_OPTID_DNS_CACHE_TIMEOUT:
return parse_duration(&config->dns.timeout.cache, opt, optarg);
case SHRPX_OPTID_DNS_LOOKUP_TIMEOUT:
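Review bot: In `case SHRPX_OPTID_ECDH_CURVES:` the deprecated option now falls through and writes the same `config->tls.groups` field as the new option, so a configuration that sets both silently keeps whichever is parsed last. Since this value selects the TLS key exchange groups, the precedence should be stated in the option's documentation or in the warning text. Separately, the `// fall through` comment is not honoured by every compiler's -Wimplicit-fallthrough (clang ignores comments); `[[fallthrough]];` is the portable annotation and is available here because the code already uses C++17 features such as std::string_view.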
@@ -3939,19 +3952,19 @@ int parse_config(
case SHRPX_OPTID_PSK_SECRETS:
#ifndef OPENSSL_NO_PSK
return parse_psk_secrets(config, optarg);
#else // OPENSSL_NO_PSK
#else // defined(OPENSSL_NO_PSK)
LOG(WARN)
<< opt << ": ignored because underlying TLS library does not support PSK";
return 0;
#endif // OPENSSL_NO_PSK
#endif // defined(OPENSSL_NO_PSK)
case SHRPX_OPTID_CLIENT_PSK_SECRETS:
#ifndef OPENSSL_NO_PSK
return parse_client_psk_secrets(config, optarg);
#else // OPENSSL_NO_PSK
#else // defined(OPENSSL_NO_PSK)
LOG(WARN)
<< opt << ": ignored because underlying TLS library does not support PSK";
return 0;
#endif // OPENSSL_NO_PSK
#endif // defined(OPENSSL_NO_PSK)
case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
LOG(WARN) << opt << ": deprecated. Use "
<< SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLOCK_LIST << " instead.";
@@ -4034,13 +4047,13 @@ int parse_config(
case SHRPX_OPTID_QUIC_BPF_PROGRAM_FILE:
#ifdef ENABLE_HTTP3
config->quic.bpf.prog_file = make_string_ref(config->balloc, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_NO_QUIC_BPF:
#ifdef ENABLE_HTTP3
config->quic.bpf.disabled = util::strieq("yes"sv, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_HTTP2_ALTSVC: {
@@ -4061,19 +4074,19 @@ int parse_config(
#ifdef ENABLE_HTTP3
return parse_duration(&config->conn.upstream.timeout.http3_idle, opt,
optarg);
#else // !ENABLE_HTTP3
#else // !defined(ENABLE_HTTP3)
return 0;
#endif // !ENABLE_HTTP3
#endif // !defined(ENABLE_HTTP3)
case SHRPX_OPTID_FRONTEND_QUIC_IDLE_TIMEOUT:
#ifdef ENABLE_HTTP3
return parse_duration(&config->quic.upstream.timeout.idle, opt, optarg);
#else // !ENABLE_HTTP3
#else // !defined(ENABLE_HTTP3)
return 0;
#endif // !ENABLE_HTTP3
#endif // !defined(ENABLE_HTTP3)
case SHRPX_OPTID_FRONTEND_QUIC_DEBUG_LOG:
#ifdef ENABLE_HTTP3
config->quic.upstream.debug.log = util::strieq("yes"sv, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_HTTP3_WINDOW_SIZE:
@@ -4082,7 +4095,7 @@ int parse_config(
optarg) != 0) {
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_HTTP3_CONNECTION_WINDOW_SIZE:
@@ -4091,7 +4104,7 @@ int parse_config(
opt, optarg) != 0) {
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_HTTP3_MAX_WINDOW_SIZE:
@@ -4100,7 +4113,7 @@ int parse_config(
optarg) != 0) {
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_HTTP3_MAX_CONNECTION_WINDOW_SIZE:
@@ -4109,32 +4122,32 @@ int parse_config(
opt, optarg) != 0) {
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_HTTP3_MAX_CONCURRENT_STREAMS:
#ifdef ENABLE_HTTP3
return parse_uint(&config->http3.upstream.max_concurrent_streams, opt,
optarg);
#else // !ENABLE_HTTP3
#else // !defined(ENABLE_HTTP3)
return 0;
#endif // !ENABLE_HTTP3
#endif // !defined(ENABLE_HTTP3)
case SHRPX_OPTID_FRONTEND_QUIC_EARLY_DATA:
#ifdef ENABLE_HTTP3
config->quic.upstream.early_data = util::strieq("yes"sv, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_QUIC_QLOG_DIR:
#ifdef ENABLE_HTTP3
config->quic.upstream.qlog.dir = make_string_ref(config->balloc, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_QUIC_REQUIRE_TOKEN:
#ifdef ENABLE_HTTP3
config->quic.upstream.require_token = util::strieq("yes"sv, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_QUIC_CONGESTION_CONTROLLER:
@@ -4147,7 +4160,7 @@ int parse_config(
LOG(ERROR) << opt << ": must be either cubic or bbr";
return -1;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_QUIC_SERVER_ID:
@@ -4159,13 +4172,13 @@ int parse_config(
}
util::decode_hex(optarg,
reinterpret_cast<uint8_t *>(&config->quic.server_id));
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_FRONTEND_QUIC_SECRET_FILE:
#ifdef ENABLE_HTTP3
config->quic.upstream.secret_file = make_string_ref(config->balloc, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
case SHRPX_OPTID_RLIMIT_MEMLOCK: {
@@ -4193,7 +4206,7 @@ int parse_config(
case SHRPX_OPTID_FRONTEND_QUIC_INITIAL_RTT: {
#ifdef ENABLE_HTTP3
return parse_duration(&config->quic.upstream.initial_rtt, opt, optarg);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
return 0;
}
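Review bot: In `case SHRPX_OPTID_FRONTEND_QUIC_INITIAL_RTT:` the `return 0;` after `#endif` is unreachable when ENABLE_HTTP3 is defined, because the guarded line already returns the result of parse_duration. The sibling cases that return from inside the guard (for example SHRPX_OPTID_FRONTEND_QUIC_IDLE_TIMEOUT) use `#else` / `return 0;` / `#endif`; since this line is being touched anyway, switching to that form would keep the cases consistent and avoid an unreachable-code warning.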
@@ -4272,7 +4285,7 @@ std::string_view str_syslog_facility(int facility) {
#ifdef LOG_AUTHPRIV
case (LOG_AUTHPRIV):
return "authpriv"sv;
#endif // LOG_AUTHPRIV
#endif // defined(LOG_AUTHPRIV)
case (LOG_CRON):
return "cron"sv;
case (LOG_DAEMON):
@@ -4280,7 +4293,7 @@ std::string_view str_syslog_facility(int facility) {
#ifdef LOG_FTP
case (LOG_FTP):
return "ftp"sv;
#endif // LOG_FTP
#endif // defined(LOG_FTP)
case (LOG_KERN):
return "kern"sv;
case (LOG_LOCAL0):
@@ -4323,7 +4336,7 @@ int int_syslog_facility(const std::string_view &strfacility) {
if (util::strieq("authpriv"sv, strfacility)) {
return LOG_AUTHPRIV;
}
#endif // LOG_AUTHPRIV
#endif // defined(LOG_AUTHPRIV)
if (util::strieq("cron"sv, strfacility)) {
return LOG_CRON;
@@ -4337,7 +4350,7 @@ int int_syslog_facility(const std::string_view &strfacility) {
if (util::strieq("ftp"sv, strfacility)) {
return LOG_FTP;
}
#endif // LOG_FTP
#endif // defined(LOG_FTP)
if (util::strieq("kern"sv, strfacility)) {
return LOG_KERN;
@@ -4594,7 +4607,7 @@ int configure_downstream_group(Config *config, bool http2_proxy,
g.mruby_file = ""sv;
}
}
#endif // HAVE_MRUBY
#endif // defined(HAVE_MRUBY)
}
#ifdef HAVE_MRUBY
@@ -4606,7 +4619,7 @@ int configure_downstream_group(Config *config, bool http2_proxy,
return -1;
}
}
#endif // HAVE_MRUBY
#endif // defined(HAVE_MRUBY)
if (catch_all_group == -1) {
LOG(FATAL) << "backend: No catch-all backend address is configured";
@@ -4754,7 +4767,7 @@ int resolve_hostname(Address *addr, const char *hostname, uint16_t port,
.ai_flags = additional_flags
#ifdef AI_ADDRCONFIG
| AI_ADDRCONFIG
#endif // AI_ADDRCONFIG
#endif // defined(AI_ADDRCONFIG)
,
.ai_family = family,
.ai_socktype = SOCK_STREAM,
@@ -4768,7 +4781,7 @@ int resolve_hostname(Address *addr, const char *hostname, uint16_t port,
hints.ai_flags &= ~AI_ADDRCONFIG;
rv = getaddrinfo(hostname, service.c_str(), &hints, &res);
}
#endif // AI_ADDRCONFIG
#endif // defined(AI_ADDRCONFIG)
if (rv != 0) {
LOG(FATAL) << "Unable to resolve address for " << hostname << ": "
<< gai_strerror(rv);
@@ -4830,6 +4843,6 @@ QUICKeyingMaterial::operator=(QUICKeyingMaterial &&other) noexcept {
return *this;
}
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
} // namespace shrpx


@@ -30,14 +30,14 @@
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif // HAVE_SYS_SOCKET_H
#endif // defined(HAVE_SYS_SOCKET_H)
#include <sys/un.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif // HAVE_NETINET_IN_H
#endif // defined(HAVE_NETINET_IN_H)
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif // HAVE_ARPA_INET_H
#endif // defined(HAVE_ARPA_INET_H)
#include <cinttypes>
#include <cstdio>
#include <vector>
@@ -50,9 +50,9 @@
#ifdef NGHTTP2_OPENSSL_IS_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/ssl.h>
#else // !NGHTTP2_OPENSSL_IS_WOLFSSL
#else // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
# include <openssl/ssl.h>
#endif // !NGHTTP2_OPENSSL_IS_WOLFSSL
#endif // !defined(NGHTTP2_OPENSSL_IS_WOLFSSL)
#include <ev.h>
@@ -60,9 +60,9 @@
#include "shrpx_log.h"
#include "shrpx_router.h"
#if ENABLE_HTTP3
#ifdef ENABLE_HTTP3
# include "shrpx_quic.h"
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
#include "template.h"
#include "http2.h"
#include "network.h"
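Review bot: The change from `#if ENABLE_HTTP3` to `#ifdef ENABLE_HTTP3` around the shrpx_quic.h include is a behaviour change, not a comment cleanup like the rest of this file: a build that defines ENABLE_HTTP3 as 0 skipped the include before and pulls it in now. It matches the `#ifdef ENABLE_HTTP3` guards used elsewhere in the header, so it looks like the right fix, but it deserves a line in the commit message and a check that no build configuration defines the macro to 0.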
@@ -382,6 +382,7 @@ inline constexpr auto SHRPX_OPT_FRONTEND_HTTP2_IDLE_TIMEOUT =
"frontend-http2-idle-timeout"sv;
inline constexpr auto SHRPX_OPT_FRONTEND_HTTP3_IDLE_TIMEOUT =
"frontend-http3-idle-timeout"sv;
inline constexpr auto SHRPX_OPT_GROUPS = "groups"sv;
inline constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
@@ -635,7 +636,7 @@ struct QUICKeyingMaterial {
struct QUICKeyingMaterials {
std::vector<QUICKeyingMaterial> keying_materials;
};
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
struct HttpProxy {
Address addr;
@@ -731,7 +732,7 @@ struct TLSConfig {
std::string_view dh_param_file;
std::string_view ciphers;
std::string_view tls13_ciphers;
std::string_view ecdh_curves;
std::string_view groups;
std::string_view cacert;
// The maximum amount of 0-RTT data that server accepts.
uint32_t max_early_data;
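Review bot: The renamed `std::string_view groups;` member of TLSConfig has no comment, while the neighbouring `max_early_data` does. A short comment saying what the string holds, and that the deprecated ecdh-curves option also writes to it, would help readers. Because the old `ecdh_curves` member is removed, every reader of that field outside this header has to be updated in the same commit; those users are not visible in this part of the diff.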
@@ -781,7 +782,7 @@ struct Http3Config {
int32_t max_connection_window_size;
} upstream;
};
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
// custom error page
struct ErrorPage {
@@ -1001,7 +1002,7 @@ struct ConnectionConfig {
struct {
std::vector<UpstreamAddr> addrs;
} quic_listener;
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
struct {
struct {
@@ -1048,7 +1049,7 @@ struct Config {
tls{},
#ifdef ENABLE_HTTP3
quic{},
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
logging{},
conn{},
api{},
@@ -1089,7 +1090,7 @@ struct Config {
#ifdef ENABLE_HTTP3
QUICConfig quic;
Http3Config http3;
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
LoggingConfig logging;
ConnectionConfig conn;
APIConfig api;
@@ -1240,6 +1241,7 @@ enum {
SHRPX_OPTID_FRONTEND_QUIC_SECRET_FILE,
SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
SHRPX_OPTID_GROUPS,
SHRPX_OPTID_HEADER_FIELD_BUFFER,
SHRPX_OPTID_HOST_REWRITE,
SHRPX_OPTID_HTTP2_ALTSVC,
@@ -1401,7 +1403,7 @@ read_tls_ticket_key_file(const std::vector<std::string_view> &files,
#ifdef ENABLE_HTTP3
std::shared_ptr<QUICKeyingMaterials>
read_quic_secret_file(const std::string_view &path);
#endif // ENABLE_HTTP3
#endif // defined(ENABLE_HTTP3)
// Returns string representation of |proto|.
std::string_view strproto(Proto proto);
@@ -1415,4 +1417,4 @@ int resolve_hostname(Address *addr, const char *hostname, uint16_t port,
} // namespace shrpx
#endif // SHRPX_CONFIG_H
#endif // !defined(SHRPX_CONFIG_H)


@@ -26,7 +26,7 @@
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif // HAVE_UNISTD_H
#endif // defined(HAVE_UNISTD_H)
#include <cstdlib>


@@ -27,7 +27,7 @@
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif // HAVE_CONFIG_H
#endif // defined(HAVE_CONFIG_H)
#define MUNIT_ENABLE_ASSERT_ALIASES
@@ -44,4 +44,4 @@ munit_void_test_decl(test_shrpx_config_read_tls_ticket_key_file_aes_256)
} // namespace shrpx
#endif // SHRPX_CONFIG_TEST_H
#endif // !defined(SHRPX_CONFIG_TEST_H)


@@ -83,4 +83,4 @@ private:
} // namespace shrpx
#endif // SHRPX_CONNECT_BLOCKER_H
#endif // !defined(SHRPX_CONNECT_BLOCKER_H)

Some files were not shown because too many files have changed in this diff